General

  • Target

    c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b

  • Size

    342KB

  • Sample

    221028-wtevrshga7

  • MD5

    0bf09fb0d1755a016eede7ac78b1d94b

  • SHA1

    1fc39f7cf35a1c17f06b1e5709423b51c3520594

  • SHA256

    c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b

  • SHA512

    120d11133bea049fb9e9916a199ef6eadfb828f8f420d068c5a8a3ada16c8faa82abbe344fa1f45a38dae9b25d1369e3fc2a53f1323fc5aea283b885d121577b

  • SSDEEP

    6144:ARqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4yOWYbCyQ:UqmpplpGoGL3etQoMiXM8gxf/Sj4y0Q

Malware Config

Targets

    • Target

      c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b

    • Modifies WinLogon for persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Modifies WinLogon

    • Drops file in System32 directory
