General

  • Target

    Loader.exe

  • Size

    5.9MB

  • Sample

    230305-bczhmaef91

  • MD5

    d0ffcc482ce53b386a30199dab65f6e0

  • SHA1

    00ef2852b530749fbcb8c40099bdc68151780bb6

  • SHA256

    a1773235dcd9c9f815793b7509f91b959b450c4bf90b6c26794c9f59458f9050

  • SHA512

    09a4b86a7b77d08daf0668e6e9f7eac66ac0368b2f4a08d4404a10b8b45a1b929c9402ff36369780015728fb7d371fce59b43ce518214ba011b3f0248cdc8b63

  • SSDEEP

    98304:7RRxywgpOB5q7fgMamWcXU3KUvLp73YxRfSjhFvucBaM6stwpINm5wbCKHB3:7xy5ABA7fgxlp3YxRwduqgsEEm5nQB

Malware Config

Targets

    • Target

      Loader.exe

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory