General

  • Target

    4630b8dd5ddb97c98593cc32c87e5eca194571d089d72c947318638b3d9c249f

  • Size

    1016KB

  • Sample

    221021-dk1rrshefk

  • MD5

    78faaaf754300195e42338290beef920

  • SHA1

    6e35d65b45bbd635018e87574f6d95a44720d4f2

  • SHA256

    4630b8dd5ddb97c98593cc32c87e5eca194571d089d72c947318638b3d9c249f

  • SHA512

    f98fc7fc80a570f4c6bde5f4a26b748295c7b377429f4d619d6c910ae086e93d22e4187a4e9a99500c309eca867414c4ed81fd47525e20d76c3098510feda577

  • SSDEEP

    6144:PIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHU:PIXsgtvm1De5YlOx6lzBH46U

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
