Resubmissions

02/04/2023, 17:46

230402-wcr4rsah9v 10

02/04/2023, 17:43

230402-wat6caah8x 6

General

  • Target

    hbhb.jpg

  • Size

    8KB

  • Sample

    230402-wcr4rsah9v

  • MD5

    a98b0114fd7aa9bacbcf5382de1586cd

  • SHA1

    fabf484b85c0ef3396da3df2dd074c4c01c708fa

  • SHA256

    bd648f110762d86514ad03d8ee22282bb12da408c7be77cc6cfafb052af603ef

  • SHA512

    cfb24a77aaccdfd115b254a45415e8e4d16fb60b80c7bb28310481191bbd7de37f091ab2a8e86b08ccb99f2330545b69dcc763f9ae74a18ea2d65f97ed5c8039

  • SSDEEP

    192:rC+B1oh/+lpiZUtULR3J6ZFAYpx1LqPzbM4vn6HznSPklb:rC+B1oh2v5tUBMZ1xxqPc4P6HznSPklb

Malware Config

Targets

    • Target

      hbhb.jpg

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
