General
Target: sample.zip
Size: 6.2MB
Sample: 230216-hf1y7agc57
MD5: b44ba3f3a384cc1a95923ad1d257c7d3
SHA1: 43369335227942ff4b2be89a95f0058fab577de4
SHA256: 603d05bd523d1c483d7f80a589607fcee43252e1c85ab67ffa9777960e01d26c
SHA512: d9b7629f18fa1f96ef9ab52f3df505c5a4801b330554cd4b5e5ac2129344a759d45a0d9f1fdb98b95b8585d62e51fce71c52e88540bb0a7c4903280bdb52ad32
SSDEEP: 98304:9yLmYtCd0FBDAA7cZP0E57j+GdodjAx0ZbVutqaBPTCeUaKGeHxCebR4LkhxAg:9yLFY0Fmh5+GqtqtqqfpWHxC+4LEOg
Static task: static1
Behavioral task: behavioral1
Sample: 7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78
Size: 6.7MB
MD5: ae242bd1226aaa270e2e167c252c4555
SHA1: 850aed65c3efce9090b4b6552075af3bc57e0659
SHA256: 7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78
SHA512: 1c2ae75fe6017957323251d3d8004e41e1f81e3c3c5dba23aecf3902d47e922b731b2ca7232e04d228b7c402140352c75ca77e88afb9de76688cf7b40abd0fa6
SSDEEP: 98304:is5DZoRvVmqkGpsV7Owx7FYhX4vs/6uur+GZIB6TPgV6Vf4YiYcHR4cLJpB/EO:v+RvV9kGMxF8Es/6uCdZXF0N6AJrL
Score: 8/10
- Downloads MZ/PE file
- Sets DLL path for service in the registry
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.