Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

485096d358...79.jar

windows7-x64

10

485096d358...79.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    485096d3585435a174bac6a0d43140c4c8a0ca79

  • Size

    263KB

  • Sample

    230202-qw9v2abf7y

  • MD5

    4b798fe8fc253c99025a61d3a5eadb02

  • SHA1

    485096d3585435a174bac6a0d43140c4c8a0ca79

  • SHA256

    cfdace4d2aa40a226f876f8de2fa1c04d3defc161dcee8be705cc62464e0ad23

  • SHA512

    7946a4d771e9dddd4534f0acb3f6828d90ac494b4abcd88a412205a7e327c6ca16c4b8bc20285feee91777b8cf71f812871104dc5a1897c55a3ab46f5edd58b5

  • SSDEEP

    3072:Cl8K+b2aeiVH6EN8zDWe4b1CHJmVIoXsdXYRYSt+ohoLfvKQ9l5m4DKxRfhWsTn4:CmDVDDCJmGoXsdokS0K05m7RfpTKhz9

Score
10/10
adwindevasionpersistencetrojan

Malware Config

Targets

    • Target

      485096d3585435a174bac6a0d43140c4c8a0ca79

    • Size

      263KB

    • MD5

      4b798fe8fc253c99025a61d3a5eadb02

    • SHA1

      485096d3585435a174bac6a0d43140c4c8a0ca79

    • SHA256

      cfdace4d2aa40a226f876f8de2fa1c04d3defc161dcee8be705cc62464e0ad23

    • SHA512

      7946a4d771e9dddd4534f0acb3f6828d90ac494b4abcd88a412205a7e327c6ca16c4b8bc20285feee91777b8cf71f812871104dc5a1897c55a3ab46f5edd58b5

    • SSDEEP

      3072:Cl8K+b2aeiVH6EN8zDWe4b1CHJmVIoXsdXYRYSt+ohoLfvKQ9l5m4DKxRfhWsTn4:CmDVDDCJmGoXsdokS0K05m7RfpTKhz9

    Score
    10/10
    adwindevasionpersistencetrojan

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • UAC bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks