Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f23c27c413057db5a7640831332d3ca92775a56a5883ed946ccb58506d17f975

  • Size

    620KB

  • Sample

    221204-nrkz1aed85

  • MD5

    49ccb9a7b4617858e3bc7e90a3211e1a

  • SHA1

    61df52c3259682c21b8ea0595def9e184b8a5c34

  • SHA256

    f23c27c413057db5a7640831332d3ca92775a56a5883ed946ccb58506d17f975

  • SHA512

    476f8e5680e96239956163517346f8394634120b87569124a00bc15f601eaea4a8a147c25f2321c4978dfcfb322064440be01e60ef2d7a647109dd44b06cd8fd

  • SSDEEP

    12288:XoTxdR5JFZbCARQ6+8cGuHhUgw7A3JwlEtMUz3p:exddrHRQ/xan8yitM25

Malware Config

Targets

    • Target

      f23c27c413057db5a7640831332d3ca92775a56a5883ed946ccb58506d17f975

    • Size

      620KB

    • MD5

      49ccb9a7b4617858e3bc7e90a3211e1a

    • SHA1

      61df52c3259682c21b8ea0595def9e184b8a5c34

    • SHA256

      f23c27c413057db5a7640831332d3ca92775a56a5883ed946ccb58506d17f975

    • SHA512

      476f8e5680e96239956163517346f8394634120b87569124a00bc15f601eaea4a8a147c25f2321c4978dfcfb322064440be01e60ef2d7a647109dd44b06cd8fd

    • SSDEEP

      12288:XoTxdR5JFZbCARQ6+8cGuHhUgw7A3JwlEtMUz3p:exddrHRQ/xan8yitM25

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks