General
-
Target
6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3.7z
-
Size
2.1MB
-
Sample
221101-xrhdjsfbcn
-
MD5
de980ec8cbc341e66e5cfea70ef8314b
-
SHA1
882ecafbb59b33c592857ec0f80044463f6f7950
-
SHA256
0af8ddbdff0b4305226e8a5e66047bc9dfcbd44aad71bf4067c1b32a70e5a9aa
-
SHA512
fb54fda3db5ab1c59484a3df63506c655e9046173ac935ff9836a8a9e7dd2f5e391597043c1118fed169d19314d0d6d2dc5429efe1daa58e9628b5d3387ab660
-
SSDEEP
49152:tF2pTXqkUpasA6PmfNyigaN+ih8VILfx+frCA50QOP:tF2pTXDUFm0W+ih8w+DCA5wP
Static task
static1
Malware Config
Targets
-
-
Target
6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3
-
Size
3.2MB
-
MD5
32e0a8e898a4aef3abe2c5c26d2570fb
-
SHA1
0c56076f2d4d905a08dc2e8c85a6fd4d184a0846
-
SHA256
6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3
-
SHA512
1cec6e1dd8eaea6bfc00c48403d3263db6a54d4012b87666da5ac2f83748ef9102ed97c026e185d3c8cc0342c8feafd0a27442dfc19d6d37b69a9d91168ab97d
-
SSDEEP
98304:kSiH4opH4opH4opuE9vBuRes1EdKKBEXJhJj:EDBDBDlaezKKB2R
-
Modifies system executable filetype association
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Registers COM server for autorun
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v6
Persistence
Change Default File Association: 1
Modify Existing Service: 1
New Service: 1
Registry Run Keys / Startup Folder: 2
Scheduled Task: 1
Defense Evasion
File and Directory Permissions Modification: 1
Impair Defenses: 1
Install Root Certificate: 1
Modify Registry: 4