Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5
-
Size
284KB
-
Sample
221206-ylcrjsgh65
-
MD5
5734d6763c7ac808169dbc753afb02ec
-
SHA1
2523ac0705b7ddac7ab183473aa7b11ad91ddb2d
-
SHA256
9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5
-
SHA512
e5e41ac1f9378c160a59de32b54c8ecfe60870640120f65106f25ad96637a4cbca90f24fde36e3c0bdc449d3e58e0f522c197a9dbb0d18923e527882be66c67a
-
SSDEEP
6144:PsDIMNVRb9ChrASE6j61ddLb3S2NZuUBxSh4H4:kDIMvRBorARdvSiZU1
Static task
static1
Behavioral task
behavioral1
Sample
9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5
-
Size
284KB
-
MD5
5734d6763c7ac808169dbc753afb02ec
-
SHA1
2523ac0705b7ddac7ab183473aa7b11ad91ddb2d
-
SHA256
9fbc0b8b304dad3901f2205e6f658bb6b418d6ebffd406b113b4f42cb02b05d5
-
SHA512
e5e41ac1f9378c160a59de32b54c8ecfe60870640120f65106f25ad96637a4cbca90f24fde36e3c0bdc449d3e58e0f522c197a9dbb0d18923e527882be66c67a
-
SSDEEP
6144:PsDIMNVRb9ChrASE6j61ddLb3S2NZuUBxSh4H4:kDIMvRBorARdvSiZU1
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-