General

  • Target: 12af93d29007b28f8e5cd5db210de0b91e0e84ca318893a79d0efc11f813fb9d
  • Size: 256KB
  • Sample: 221205-qnx69sgh5x
  • MD5: 5129a643720990da5ac6f1d0d7bd4181
  • SHA1: 57cd9af7745ee0e4b68124bbb8851964d1653cd0
  • SHA256: 12af93d29007b28f8e5cd5db210de0b91e0e84ca318893a79d0efc11f813fb9d
  • SHA512: 9553055fa78c86fd7e51f3bc1454bd7b9aa59a0dc4a25a8e660fbd7a62861b7ca066b52f4d67980e06b487c30695f8a4a9deecbed6a17bb8d664d81bec05bfcb
  • SSDEEP: 3072:54vRJRkTcZ7fcxdl5CTqBoEBClwrnfJMtZbzOPrLRiwte9I1yi5fEB1msmU580Xs:5OHngrYuyRmsm28KJ0I7

Targets

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Ramnit

      Ramnit is a versatile malware family comprising viruses, worms, and Trojans.

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
