General

  • Target

    fea65ceac9d3be7d5098ad773664ff4f0e1c0cee2931977cc2bb33fabe8ce622

  • Size

    888KB

  • Sample

    221128-aaaaaahe59

  • MD5

    7223edee35442e6b521b69b1032d60a9

  • SHA1

    64537399f7a94b0b883d5a1a299ec791d79b685c

  • SHA256

    fea65ceac9d3be7d5098ad773664ff4f0e1c0cee2931977cc2bb33fabe8ce622

  • SHA512

    6ff6a01bcfa28e691026ddcbccc109a9f01e9215ede52c33546b7a545b9d0d856cba02c479a92db17347bf71ef45cb1f696c97bcc060027c6cc7d51dfd435c9c

  • SSDEEP

    24576:fdO0aYXCdo11NyazLtpeLOJl6tHLEkocpn:fdIYXTxyazLtpeLO76ekdp

Malware Config

Targets

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Registers COM server for autorun

    • Sets DLL path for service in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6