General

  • Target

    31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799

  • Size

    275KB

  • Sample

    221107-t8mg2sgdb8

  • MD5

    0ff2d18f373246c3a611c0996d0452d9

  • SHA1

    b0e39cb91ddcd2b87d56122cb243b7e2faae1a18

  • SHA256

    31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799

  • SHA512

    e6ac7fe29e0bdf41528bbd140e2ce442cd4fa30738c685335f21e81a4da8ca588ec87e4877462d88179ec23afdd07acdd463683ba86a86186214e319c3f1e95b

  • SSDEEP

    6144:yniHo6nx2QY7slAFRWNBfrrWK0uTNRiuooqp6pfwWm+gIdJI7l:ySo6xg5kN530xuooqMVwsgN

Malware Config

Targets

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks