Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

38abb6d28c...4c.exe

windows7-x64

10

38abb6d28c...4c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38abb6d28cc0ead48ecfd47f0598a3957ec4f4d068b268eaedb8accb97410e4c

  • Size

    92KB

  • Sample

    221121-3dtgjsbd39

  • MD5

    f2e8f8fe0b4d4d734d5304fd6ef16d47

  • SHA1

    c999b38f3c226716e161f8a6b2346d386a6c218b

  • SHA256

    38abb6d28cc0ead48ecfd47f0598a3957ec4f4d068b268eaedb8accb97410e4c

  • SHA512

    a31f7b4c318bd76a40be273463571c8eeadbd0293393226a8a16cc84ca5ec78e906d5bcc645e62788f8f3c1e1ee7de592ab23f8a0c2f945274839e493e3ed0e6

  • SSDEEP

    1536:cgRswP+BgWekSIyUpbjFyjxEyxFJ7wRqqt:SwGKWeXIxFIEyt7Ydt

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      38abb6d28cc0ead48ecfd47f0598a3957ec4f4d068b268eaedb8accb97410e4c

    • Size

      92KB

    • MD5

      f2e8f8fe0b4d4d734d5304fd6ef16d47

    • SHA1

      c999b38f3c226716e161f8a6b2346d386a6c218b

    • SHA256

      38abb6d28cc0ead48ecfd47f0598a3957ec4f4d068b268eaedb8accb97410e4c

    • SHA512

      a31f7b4c318bd76a40be273463571c8eeadbd0293393226a8a16cc84ca5ec78e906d5bcc645e62788f8f3c1e1ee7de592ab23f8a0c2f945274839e493e3ed0e6

    • SSDEEP

      1536:cgRswP+BgWekSIyUpbjFyjxEyxFJ7wRqqt:SwGKWeXIxFIEyt7Ydt

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets file execution options in registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks