Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

0d78a02219...9c.exe

windows7-x64

9

0d78a02219...9c.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d78a022196c705bb56cb2524a61074259ba59ae2fb1a0b9ad6629c49221cd9c

  • Size

    748KB

  • Sample

    221123-yhvg7aab97

  • MD5

    c6f237f5dc01f8799976986285f64a6f

  • SHA1

    b05d6cdd25bb4878b947096a43342c564ec5cd98

  • SHA256

    0d78a022196c705bb56cb2524a61074259ba59ae2fb1a0b9ad6629c49221cd9c

  • SHA512

    82558951013b0561d557a4102ee21cd3e3fbadea3fbc7b6c0c74b4e1c75ce306f7679477dc682f50f365fef33e8ffcc80d5c74d42127b87e592f99b9e789f3b4

  • SSDEEP

    12288:QK4SzOnd/1KReU744mkKIGldg8q3tQKdAAMwAG68hZyl+DjmLsz6KTfNoVS+EVGf:Mm4QLjv0dgTdQFAMwX68hZ8+DjmLg6iS

Score
9/10
bootkitpersistence

Malware Config

Targets

    • Target

      0d78a022196c705bb56cb2524a61074259ba59ae2fb1a0b9ad6629c49221cd9c

    • Size

      748KB

    • MD5

      c6f237f5dc01f8799976986285f64a6f

    • SHA1

      b05d6cdd25bb4878b947096a43342c564ec5cd98

    • SHA256

      0d78a022196c705bb56cb2524a61074259ba59ae2fb1a0b9ad6629c49221cd9c

    • SHA512

      82558951013b0561d557a4102ee21cd3e3fbadea3fbc7b6c0c74b4e1c75ce306f7679477dc682f50f365fef33e8ffcc80d5c74d42127b87e592f99b9e789f3b4

    • SSDEEP

      12288:QK4SzOnd/1KReU744mkKIGldg8q3tQKdAAMwAG68hZyl+DjmLsz6KTfNoVS+EVGf:Mm4QLjv0dgTdQFAMwX68hZ8+DjmLg6iS

    Score
    9/10
    bootkitpersistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks