General
- Target: MBSetup-9CC8C5F5.exe
- Size: 2.5MB
- Sample: 230311-wywdbacf5s
- MD5: 6b2068e1d2027a8c44a0292220496eaf
- SHA1: 64f09b577b56c5bc8bbe48d6f3c28f2ae0ebcc9b
- SHA256: 45f080107243e8515b501ae5081e68b15e02e11c64b09a856074676058e946a9
- SHA512: d062cff15fbac58b53aef7d165a94fae82feb7387398846bd3f18471be2488e51d8a12657d058fad8a7d60199adac7af2a72dcb138acd9c14fbe564519e15234
- SSDEEP: 24576:NxluWCEkx/gITyj4HYTvmngOezyr3yNtGs0wd/ZL8Ug+JwNZgCxiIsCA2flywBuz:0WFcGOng5yEGs0wxZN2DxiIq2d3d0
Static task: static1
Behavioral task: behavioral1
- Sample: MBSetup-9CC8C5F5.exe
- Resource: win10-20230220-es
Malware Config
Targets
- Target: MBSetup-9CC8C5F5.exe
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies RDP port number used by Windows
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory