General

  • Target

    9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6

  • Size

    888KB

  • Sample

    221030-vprhbsbcc4

  • MD5

    82e29f4581342f7d18464fe7935bb600

  • SHA1

    e0220e5ba3023f2fb42c2f9d379b809c3f2f7aca

  • SHA256

    9af414175d1a699f426f5c071c691a560633db47b8d59c9f53298a6eebb206a6

  • SHA512

    2ad530c75edc9c62b15ae1384b4c7f1a7b83d7407bab08ba580d540e1f09c423beda98006b1b3931447c82d78b783860e43541e545f2a206f70d78a153a1134e

  • SSDEEP

    12288:VHATf2ycdFG9+krC8MIvumXdw9eDuUltBeDuUlVEtEvVxpbN:Va2ycPU+krC8tWAw+yxpbN

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks