General
Target: c4916e4e8c3618bf1ca62a5f00bd2f1ad6ac65b0fb3166ff683c447b527a0bae
Size: 388KB
Sample: 221203-ncb4jshg5x
MD5: f889a57591697bde1036a231a29c3207
SHA1: 3ba251d27b16bde14c3776d879db5b50166bb72e
SHA256: c4916e4e8c3618bf1ca62a5f00bd2f1ad6ac65b0fb3166ff683c447b527a0bae
SHA512: 460f6a087fca6a4d5c594a357ca53502748aad7b73e2d50cbf804ff72cadaa3772c467b5547f8f6c3093265f6082eb09063ce3606f5c26bce4900d5efedf7b09
SSDEEP: 6144:CYZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/hOvK2o4nFOrz0Ypzu/S8+k7B7:CSNC80I+cR3R03VseXOvc4krwSzW+kt7
Behavioral task: behavioral1
Sample: c4916e4e8c3618bf1ca62a5f00bd2f1ad6ac65b0fb3166ff683c447b527a0bae.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c4916e4e8c3618bf1ca62a5f00bd2f1ad6ac65b0fb3166ff683c447b527a0bae.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
Drops file in System32 directory