General

  • Target

    04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991

  • Size

    273KB

  • Sample

    220919-t3e6saggd7

  • MD5

    aad7e430001c57547416b6dcfe3b29a4

  • SHA1

    5b38dfecfc0e7c7cecf542e8191166333e74c548

  • SHA256

    04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991

  • SHA512

    fc8d7cc0ac1eca9071eda613649bc3a0746eabf319870af930e17876001ae103acc5b57b24e7c3fc6aa8f84aaa7ba7b4c7475b68dd48c452990629746fa47fe7

  • SSDEEP

    6144:mY94NIKotWI35Deg5NEezflAGrEyueeQHEj69Y8P0jI:N9OSX7HflXIME6xPB

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks