General

  • Target

    9977667c2cbbcaec1a2bab8eef10d25d61b381bc3e5686c1e7f07721d6e8ccb2

  • Size

    564KB

  • Sample

    221203-dayjnaca21

  • MD5

    f07ca0bf5aa6c52f33e3d83852eb6ffc

  • SHA1

    6f4277b6d4b58f54a45ff5da54c7529ea01fd02c

  • SHA256

    9977667c2cbbcaec1a2bab8eef10d25d61b381bc3e5686c1e7f07721d6e8ccb2

  • SHA512

    679f83e7ae340386054cb371bf58f1793dc244e4cac642c87c10bdd37a80d23447f18083ea4345be9cafcf0a23324eda6db2702f2b580004a7e458e9dc6c12ec

  • SSDEEP

    6144:F8XXRUw9Oz5+iUU03pej1YpTYzOb0kLXhlJFTaLTGu0yvHcr+JB8aU:OnRy+ZyYpaCDJFuPyAHcqrU

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks