General

  • Target

    200a0eaad2222057df3e4799f2962f5e998fef6bfce1649a3d2ac0dc6bb0a68a

  • Size

    1016KB

  • Sample

    221021-dljvmshegl

  • MD5

    7c426cef8ecaa87b81ffe2b200ffe7e0

  • SHA1

    a3523449271aba6cf346f2e2b3463b57fbdeccfa

  • SHA256

    200a0eaad2222057df3e4799f2962f5e998fef6bfce1649a3d2ac0dc6bb0a68a

  • SHA512

    0a2ca0ed75b7109b0718a2705e639b89e1cfc4b927fbf26417735e039c7372b59c094ee89efc857c96d818fc460168b40b9f4f857dbdacc1bbf512c691628f14

  • SSDEEP

    6144:oIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHU:oIXsgtvm1De5YlOx6lzBH46U

Malware Config

Targets

    • Target

      200a0eaad2222057df3e4799f2962f5e998fef6bfce1649a3d2ac0dc6bb0a68a

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
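
The signatures above each name a concrete registry or filesystem location. The PowerShell script below is an added example, not part of the tria.ge report and not the sandbox's own detection logic; it inspects those same locations on a live Windows host so a responder can confirm or rule out the behaviour the sandbox observed. The registry paths are the documented homes of each behaviour (Winlogon Shell/Userinit, the Run and Policies\Explorer\Run keys, DisableRegistryTools, EnableLUA, Control Panel\International\Geo\Nation, autorun.inf in volume roots); the only assumed values are the Windows defaults for Winlogon Shell and Userinit, which are used to flag deviations.

```powershell
# Added example, not part of the tria.ge report. Hunts the persistence,
# policy and geofence locations named by the sandbox signatures.
# Assumption: the Winlogon defaults below are the stock Windows values;
# everything else is reported as-is for the analyst to judge.

function Get-WinlogonDeviations {
    # "Modifies WinLogon for persistence": Shell/Userinit values beyond the default.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    $values = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        $actual = $values.$name
        if ($actual -and $actual.Trim() -ine $expected[$name]) {
            [pscustomobject]@{ Check = 'Winlogon'; Location = "$key\$name"; Value = $actual }
        }
    }
}

function Get-RunKeyEntries {
    # "Adds Run key" and "Adds policy Run key": list every entry in both variants.
    $paths = @(
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $props = Get-ItemProperty -Path $p
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            [pscustomobject]@{ Check = 'RunKey'; Location = "$p\$($prop.Name)"; Value = $prop.Value }
        }
    }
}

function Get-PolicyTampering {
    # "Disables RegEdit": DisableRegistryTools=1. "Checks whether UAC is enabled": EnableLUA=0 means off.
    $checks = @(
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'; Bad = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'; Bad = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableLUA';            Bad = 0 }
    )
    foreach ($c in $checks) {
        $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($v -and $v.($c.Name) -eq $c.Bad) {
            [pscustomobject]@{ Check = 'Policy'; Location = "$($c.Path)\$($c.Name)"; Value = $v.($c.Name) }
        }
    }
}

function Get-GeoNation {
    # "Checks computer location settings": the country code the geofence reads.
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'Geo'; Location = 'HKCU:\Control Panel\International\Geo\Nation'; Value = $geo.Nation }
}

function Get-AutorunInf {
    # "Drops autorun.inf file": look in the root of removable (2) and fixed (3) volumes.
    Get-CimInstance Win32_LogicalDisk | Where-Object { $_.DriveType -in 2, 3 } | ForEach-Object {
        $inf = Join-Path $_.DeviceID 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            [pscustomobject]@{ Check = 'AutorunInf'; Location = $inf; Value = (Get-Content -LiteralPath $inf -Raw) }
        }
    }
}

$findings = @(Get-WinlogonDeviations; Get-RunKeyEntries; Get-PolicyTampering; Get-GeoNation; Get-AutorunInf)
$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session so the HKLM policy keys and volume roots are readable. The Winlogon, Policy and AutorunInf rows are direct indicators; the RunKey and Geo rows are inventory for the analyst, since legitimate software also uses Run keys and every host has a Nation value. To extend it toward the "Drops file in System32 directory" signature, filter `$env:SystemRoot\System32` by LastWriteTime around the infection window rather than trusting filenames.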

MITRE ATT&CK Enterprise v6

Tasks