General

  • Target

    4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590

  • Size

    77KB

  • Sample

    221204-bsczkaaa2y

  • MD5

    0220615191ea4e9d6f4442b57b7be970

  • SHA1

    0ac943ed69468babfd8fe7ff62534763fe835805

  • SHA256

    4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590

  • SHA512

    af7554c39d80779b28e463d89cc89ca04edd141c6d5062c516548e8d3cf24ffe31e632297e98d59c8f685e9ea6d9eb61d5685c939e619084cb5a8bd0a02b4706

  • SSDEEP

    768:QMXkE7U60L5jTgc/iPQc0Ic+a+GlKyHu0y3u02qU6E4/IJe/nbcuyD7UIu:QMUYU6U5jUdPQc+n35KZg8/nouy8Iu

Targets

    • Modifies WinLogon for persistence

    • Modifies system executable filetype association

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory