General

  • Target

    f0981e91237611b09491cc17628a62ae2654bffec702e5900594bbb98aba86e2

  • Size

    584KB

  • Sample

    221020-1gq5gsfgc3

  • MD5

    8057321335b8890a9f6b3332bbc50774

  • SHA1

    0421b8808a74d3ef33e38177a3f7710d320c4546

  • SHA256

    f0981e91237611b09491cc17628a62ae2654bffec702e5900594bbb98aba86e2

  • SHA512

    bdce8daa9fc2436bbea4892abe4eca5f298ddf6d7b20d20647466b22eb15b24234c044bc58b5879e0c1f4b2f5a5561b6f48f67b981be7a2245e4870beb1610f8

  • SSDEEP

    12288:7pUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsAv:7pUNr6YkVRFkgbeqeo68Fhq

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks