General

  • Target

    3739c24d8fa7e1c18a7febaf186ad0b378f468ef8865525acd408ab71134d5c7

  • Size

    205KB

  • Sample

    221125-1dgfwagd23

  • MD5

    1443a2756db28e9036f5310d423233c5

  • SHA1

    76dc801167f6a5d84b27562157873520b4ae5899

  • SHA256

    3739c24d8fa7e1c18a7febaf186ad0b378f468ef8865525acd408ab71134d5c7

  • SHA512

    514edc6c3ad7811a676b5aeba822b58c3bcd2cc3b2b24ac95c962986c3d2648e3268204e469f1313d39be84e3d4a4d4e1de78cb5a796a2dcd53bc1701a09a3ce

  • SSDEEP

    3072:2qhMPssRhlARSOsdwD/98out3SDADeak7dJHB/AKG:2qhMPssRARoiSoS3SsQLH5AK

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies system executable filetype association

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks