Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

75b8be410e...9e.exe

windows7-x64

10

75b8be410e...9e.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75b8be410e2039671a02f38f56e7bb3048bed72b99ccefccd8f1d21d9299159e

  • Size

    397KB

  • Sample

    221129-jh1lwacf9s

  • MD5

    d1ff42bbf3cb032e645abb971be30e6c

  • SHA1

    50c075163e3c1928d2e1d5e8bf8aa3826fdf3e85

  • SHA256

    75b8be410e2039671a02f38f56e7bb3048bed72b99ccefccd8f1d21d9299159e

  • SHA512

    84965cf4b07261748e6d3930e0f3cc27acb2e6d2568e206c4c246ced9bec593a38940b81cfb43f482b2a2216bfee887dba67fbac8858bb93bdc1121d7e5809a7

  • SSDEEP

    1536:4yh5JT8iIHLryUCkffLUsKrqGloK6votWdZGu030J49+I+CZ3wes:4c558LHnyUbT/Io7B0843X3w

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      75b8be410e2039671a02f38f56e7bb3048bed72b99ccefccd8f1d21d9299159e

    • Size

      397KB

    • MD5

      d1ff42bbf3cb032e645abb971be30e6c

    • SHA1

      50c075163e3c1928d2e1d5e8bf8aa3826fdf3e85

    • SHA256

      75b8be410e2039671a02f38f56e7bb3048bed72b99ccefccd8f1d21d9299159e

    • SHA512

      84965cf4b07261748e6d3930e0f3cc27acb2e6d2568e206c4c246ced9bec593a38940b81cfb43f482b2a2216bfee887dba67fbac8858bb93bdc1121d7e5809a7

    • SSDEEP

      1536:4yh5JT8iIHLryUCkffLUsKrqGloK6votWdZGu030J49+I+CZ3wes:4c558LHnyUbT/Io7B0843X3w

    Score
    10/10
    evasionpersistencespywarestealertrojanupx

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables taskbar notifications via registry modification

      evasion

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks