Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7ec3fdb7a8...ff.exe

windows7-x64

10

7ec3fdb7a8...ff.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ec3fdb7a8e1dd80fc18516566a5ba5fbcad7eba9985054834049d1efba902ff

  • Size

    456KB

  • Sample

    221029-xyhmwscbem

  • MD5

    a39db38a3a96c560a46b1a52ca1214a3

  • SHA1

    0d1df40a164400c3a3ad578794ac23f60cd3ec44

  • SHA256

    7ec3fdb7a8e1dd80fc18516566a5ba5fbcad7eba9985054834049d1efba902ff

  • SHA512

    c4a9fc329a292285502e9083fabd46000065197b51598109b461afc16d03b4f149af92fa9024397cf33cb5773757414904cbb25902e363a7973e3e66b1d8a49b

  • SSDEEP

    12288:jEVXKpmokOif4JgTIoq43H2cE05nMx11DGkfb7i:jEtRGiAJgMe3H2cJCx1YOb7i

Score
10/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      7ec3fdb7a8e1dd80fc18516566a5ba5fbcad7eba9985054834049d1efba902ff

    • Size

      456KB

    • MD5

      a39db38a3a96c560a46b1a52ca1214a3

    • SHA1

      0d1df40a164400c3a3ad578794ac23f60cd3ec44

    • SHA256

      7ec3fdb7a8e1dd80fc18516566a5ba5fbcad7eba9985054834049d1efba902ff

    • SHA512

      c4a9fc329a292285502e9083fabd46000065197b51598109b461afc16d03b4f149af92fa9024397cf33cb5773757414904cbb25902e363a7973e3e66b1d8a49b

    • SSDEEP

      12288:jEVXKpmokOif4JgTIoq43H2cE05nMx11DGkfb7i:jEtRGiAJgMe3H2cJCx1YOb7i

    Score
    10/10
    bootkitevasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks