Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

9fbc0b8b30...d5.exe

windows7-x64

10

9fbc0b8b30...d5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5

  • Size

    284KB

  • Sample

    221206-ylcrjsgh65

  • MD5

    5734d6763c7ac808169dbc753afb02ec

  • SHA1

    2523ac0705b7ddac7ab183473aa7b11ad91ddb2d

  • SHA256

    9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5

  • SHA512

    e5e41ac1f9378c160a59de32b54c8ecfe60870640120f65106f25ad96637a4cbca90f24fde36e3c0bdc449d3e58e0f522c197a9dbb0d18923e527882be66c67a

  • SSDEEP

    6144:PsDIMNVRb9ChrASE6j61ddLb3S2NZuUBxSh4H4:kDIMvRBorARdvSiZU1

Score
10/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5

    • Size

      284KB

    • MD5

      5734d6763c7ac808169dbc753afb02ec

    • SHA1

      2523ac0705b7ddac7ab183473aa7b11ad91ddb2d

    • SHA256

      9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5

    • SHA512

      e5e41ac1f9378c160a59de32b54c8ecfe60870640120f65106f25ad96637a4cbca90f24fde36e3c0bdc449d3e58e0f522c197a9dbb0d18923e527882be66c67a

    • SSDEEP

      6144:PsDIMNVRb9ChrASE6j61ddLb3S2NZuUBxSh4H4:kDIMvRBorARdvSiZU1

    Score
    10/10
    bootkitevasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks