General

  • Target

    a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8

  • Size

    180KB

  • Sample

    221204-cfrsmagb82

  • MD5

    f9a0fd9594d9b8573c53772bc15d11e0

  • SHA1

    492c0faad24bcd6ca6a362edd2f21f624d1645bd

  • SHA256

    a95bd73e6a5d85b0917df4e6ce4c407c6a9b677e9d3da2a998b0de804e91c2c8

  • SHA512

    4e4a1a064c5518005647891576af1564db473f6d6b7335fcb5386dcb6bc581eadfd0a300129fbb545bbf2f5ed31cfcfd9e42c88b5b8f532b9197b297d3e75d3f

  • SSDEEP

    3072:en4cV8gf2u41Z5tKlH7CzACLtRk3OwquXvz7+IGqEJuj:M4y8gOl2xMA2X5uX7VGjJuj

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks