General

  • Target

    3b737fe6f838d72c9f28ddb5ea1c27257ceca61d9db3e36bae9dec9aa1c540b8

  • Size

    248KB

  • Sample

    221019-rr6hgsbfe2

  • MD5

    a123251af864122aa944e99d145b0051

  • SHA1

    ef8aef577bb37e2badd7d2705eebf9c83b156b42

  • SHA256

    3b737fe6f838d72c9f28ddb5ea1c27257ceca61d9db3e36bae9dec9aa1c540b8

  • SHA512

    ee62b85b66dc71811148d10d57b4b7d58df07d3cd63a50e2aad8c7d2d092d1ab300f5d48f7c63b1a31c6d98c9ec38b8a9e3c4cc07a8e2d2e2a6e84a95ebfccf9

  • SSDEEP

    6144:huMJWY+qaHEQCcYfSBYJbQCjRcqESEgm6Anhc1kG6EmRzxs:h+YcUc6SBLLTSEgBAnhc1kGsxs

Score
10/10

Malware Config

Targets

    • Target

      3b737fe6f838d72c9f28ddb5ea1c27257ceca61d9db3e36bae9dec9aa1c540b8

    Score
    10/10

    • Modifies WinLogon for persistence

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory
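
    The signature names above describe registry and file-system changes that leave artifacts on an infected host. The following is an added example, not code from the Triage report or from the sandbox's own signature logic: a PowerShell audit of the locations those names most plausibly refer to (Winlogon Shell/Userinit, the DisableRegistryTools/DisableTaskMgr policy values, Active Setup StubPath entries, the Run/RunOnce keys, and recent writes to System32). Which exact key or value each Triage signature inspects is not stated on the page and is assumed here; the "outside the system tree" path test is a triage heuristic for a responder to read, not a verdict.

```powershell
# Added example, not part of the Triage report or of the sandbox's signature code.
# Audits a Windows host for the registry/file artifacts the signature names above
# most plausibly refer to. The signature -> key/value mapping is an assumption and
# the path checks are heuristics; read the output, do not treat it as a verdict.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Signature, [string]$Path, [string]$Name, $Data) {
    $findings.Add([pscustomobject]@{ Signature = $Signature; Path = $Path; Name = $Name; Data = $Data })
}

# First executable token of a command line, quoted or not.
function Get-ImagePath([string]$CommandLine) {
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) { return $cl.Split('"')[1] }
    return $cl.Split(' ')[0]
}

# True when the image lives under %SystemRoot% or a Program Files tree. Bare names
# (no directory separator) resolve via the search path; they are passed through here
# and should be reviewed by hand, since a dropped file in System32 would satisfy them.
function Test-SystemPath([string]$Path) {
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    if ($full -notmatch '\\') { return $true }
    foreach ($root in @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root -and $full.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# "Modifies WinLogon for persistence": Shell and Userinit are the classic targets.
# Userinit's stock value carries a trailing comma; anything else is worth a look.
foreach ($hive in 'HKLM', 'HKCU') {
    $wl = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $p = Get-ItemProperty -Path $wl -ErrorAction SilentlyContinue
    if (-not $p) { continue }
    if ($p.Shell -and $p.Shell.Trim() -ine 'explorer.exe') {
        Add-Finding 'Modifies WinLogon for persistence' $wl 'Shell' $p.Shell
    }
    $userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
    if ($p.Userinit -and $p.Userinit.Trim() -ine $userinit) {
        Add-Finding 'Modifies WinLogon for persistence' $wl 'Userinit' $p.Userinit
    }
}

# "Disables RegEdit / Task Manager via registry modification": non-zero policy
# values disable the tool (DisableRegistryTools accepts 1 or 2).
foreach ($hive in 'HKLM', 'HKCU') {
    $pol = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
    $p = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
    if (-not $p) { continue }
    if ($p.DisableRegistryTools) { Add-Finding 'Disables RegEdit via registry modification' $pol 'DisableRegistryTools' $p.DisableRegistryTools }
    if ($p.DisableTaskMgr)       { Add-Finding 'Disables Task Manager via registry modification' $pol 'DisableTaskMgr' $p.DisableTaskMgr }
}

# "Modifies Installed Components in the registry": Active Setup StubPath commands
# run once per user at logon; flag stubs outside the system trees.
$activeSetup = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components',
    'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components'
)
foreach ($base in $activeSetup) {
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = $_.GetValue('StubPath')
        if ($stub -and -not (Test-SystemPath (Get-ImagePath $stub))) {
            Add-Finding 'Modifies Installed Components in the registry' $_.PSPath 'StubPath' $stub
        }
    }
}

# "Adds Run key to start application": autostart entries outside the system trees.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($rk in $runKeys) {
    $key = Get-Item -Path $rk -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = $key.GetValue($name)
        if ($cmd -and -not (Test-SystemPath (Get-ImagePath $cmd))) {
            Add-Finding 'Adds Run key to start application' $rk $name $cmd
        }
    }
}

# "Drops file in System32 directory": files written inside the incident window.
# Adjust $since to the timeline; Windows Update also writes here, so expect noise.
$since = (Get-Date).AddDays(-1)
Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32') -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since } |
    ForEach-Object { Add-Finding 'Drops file in System32 directory' $_.DirectoryName $_.Name $_.LastWriteTime }

$findings | Format-Table -AutoSize -Wrap
```

    Run it from an elevated 64-bit PowerShell: a 32-bit host redirects System32 to SysWOW64 and hides the native Run and Active Setup keys behind Wow6432Node. The HKCU checks only see the hive of the account running the script, so either run it as the affected user or load that user's NTUSER.DAT first. Signatures with no host-side artifact ("Enumerates connected drives", "UPX packed file", "AutoIT Executable") are properties of the sample itself and are not covered by this audit.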

MITRE ATT&CK Enterprise v6

Tasks