General

  • Target

    a495d227efce6211a9d123b40d96cd47251746e4e716048b1a365235fd7e3c82

  • Size

    205KB

  • Sample

    221029-ft4wwsccf4

  • MD5

    61fa3c8fad63f911bc09c0f3400e2954

  • SHA1

    f493e29f2e184723916b4bbf7622eb4d99f77798

  • SHA256

    a495d227efce6211a9d123b40d96cd47251746e4e716048b1a365235fd7e3c82

  • SHA512

    c4fe89e89b50cba43e4eed9e3ebe6954ae9733a60c9c90d2b53e0dec6ea57390120f1ea25a318de6c5481de63ee2cee19a945c57988a69891a6f0fed9761d941

  • SSDEEP

    3072:zqhMPssRhlARSOsdwD/98out3SDADeak7dJHB/AKG:zqhMPssRARoiSoS3SsQLH5AK

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies system executable filetype association

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks