General

  • Target

    c7729bf3060b55c76e0b85ead974496a2f14555691162fbbc509f3f612c67458

  • Size

    556KB

  • Sample

    221129-gp1jcafb61

  • MD5

    f0039c9f1087c3fed31648bf39a71d7c

  • SHA1

    1c7090581e7ee33f016e001cef38a3f383d0f7f8

  • SHA256

    c7729bf3060b55c76e0b85ead974496a2f14555691162fbbc509f3f612c67458

  • SHA512

    9cd088e69a3a919b2ae98dc43d9c441e6adda7bd335019ebdb066f8dad8b1598fc099b5514ad4b7a42496170dc2a5f6d761b4e1c04326c06a3f9d9552d0e7ae6

  • SSDEEP

    12288:X6bvdl0zCB8EDItMTzwg7lMQsvNuqZBRbZEYTwdD7IjLgnx:4vdezCByqTtlMQsFuqzRbzI7Iy

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
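
The persistence, policy and UAC signatures above all come down to a handful of well-known registry locations: the Winlogon Shell/Userinit values, the per-user and machine Run keys, the Policies\Explorer\Run key, DisableRegistryTools and EnableLUA under Policies\System. The script below is an added example, not tria.ge's signature logic and not code recovered from this sample: it parses a Windows registry export in .reg text format (as produced by reg export or pulled from a triage image) and reports which of those signatures the export would trigger. The .reg content embedded in it is constructed sample data; the file names and paths in it are illustrative, not artifacts observed from this sample.

```python
"""Flag the registry artifacts behind the report's persistence / UAC /
RegEdit signatures in a Windows .reg export.

Added example, not part of the tria.ge report. The registry paths are the
standard Windows locations for these settings; SAMPLE_REG is constructed
sample data, not values observed from the analysed file.
"""
import re

# Standard locations and their clean-system defaults (assumed defaults of a
# stock installation; adjust if your baseline differs).
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
RUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
POLICY_RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
POLICY_SYSTEM_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample export (file names and paths are illustrative only).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; Constructed sample, not data from the analysed file.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\AppData\\Roaming\\payload.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Admin\\AppData\\Roaming\\payload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svc"="C:\\Windows\\System32\\dropped.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"""

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg string values escape quotes and backslashes with a backslash.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: value}}.

    Handles REG_SZ ("..."), REG_DWORD (dword:xxxxxxxx) and the default
    value (@). Other value types are kept as their raw text.
    """
    hives = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hives.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            value = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            value = int(data[6:], 16)
        else:
            value = data
        hives[current][name] = value
    return hives


def find_indicators(hives):
    """Return (signature, key, value_name, value) tuples for suspicious entries."""
    findings = []
    for key, values in hives.items():
        k = key.lower()
        if k == WINLOGON.lower():
            for name, default in WINLOGON_DEFAULTS.items():
                v = values.get(name)
                if v is not None and str(v).lower() != default.lower():
                    findings.append(("Modifies WinLogon for persistence", key, name, v))
        elif any(k.endswith(("\\" + rk).lower()) for rk in RUN_KEYS):
            for name, v in values.items():
                findings.append(("Adds Run key to start application", key, name, v))
        elif k.endswith(("\\" + POLICY_RUN_KEY).lower()):
            for name, v in values.items():
                findings.append(("Adds policy Run key to start application", key, name, v))
        elif k.endswith(("\\" + POLICY_SYSTEM_KEY).lower()):
            if values.get("DisableRegistryTools") == 1:
                findings.append(("Disables RegEdit via registry modification", key, "DisableRegistryTools", 1))
            if values.get("EnableLUA") == 0:
                findings.append(("UAC disabled (EnableLUA=0)", key, "EnableLUA", 0))
    return findings


if __name__ == "__main__":
    for sig, key, name, value in find_indicators(parse_reg_export(SAMPLE_REG)):
        print(f"{sig}: [{key}] {name} = {value!r}")
```

Run against a real export with `parse_reg_export(open("export.reg", encoding="utf-16").read())` (reg export writes UTF-16 by default). Anything it flags under the Run, Policies\Explorer\Run or Winlogon locations is worth comparing against the dropped-file and System32 write signatures above, since the executable referenced there is usually the dropped payload.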

MITRE ATT&CK Enterprise v6

Tasks