Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9734e9f40aca93d5651a3f879a0e37c5ffc5e4865ff9e30f9113c369508e0e51
-
Size
1016KB
-
Sample
221003-jh71ysdfb6
-
MD5
668276ce2a6a32018460ddf9de4dc5b0
-
SHA1
7c02536f057ac4d06c1c62ed6b8a7c9ee566b416
-
SHA256
9734e9f40aca93d5651a3f879a0e37c5ffc5e4865ff9e30f9113c369508e0e51
-
SHA512
c94fbe5e5ce9d7151a7e0cac84c06f6a65da56514729998a670c7461d682ae4826c1405d05b8d2169b480d4b4df49fe44aedda04c64613bf6da1977861febea5
-
SSDEEP
6144:UIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUzx84a2lXUW:UIXsgtvm1De5YlOx6lzBH46Uzf7lXUW
Malware Config
Targets
-
-
Target
9734e9f40aca93d5651a3f879a0e37c5ffc5e4865ff9e30f9113c369508e0e51
-
Size
1016KB
-
MD5
668276ce2a6a32018460ddf9de4dc5b0
-
SHA1
7c02536f057ac4d06c1c62ed6b8a7c9ee566b416
-
SHA256
9734e9f40aca93d5651a3f879a0e37c5ffc5e4865ff9e30f9113c369508e0e51
-
SHA512
c94fbe5e5ce9d7151a7e0cac84c06f6a65da56514729998a670c7461d682ae4826c1405d05b8d2169b480d4b4df49fe44aedda04c64613bf6da1977861febea5
-
SSDEEP
6144:UIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUzx84a2lXUW:UIXsgtvm1De5YlOx6lzBH46Uzf7lXUW
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-