Resubmissions

07/05/2023, 21:46

230507-1mxjfsfh72 10

General

  • Target

    hfw0xBaK

  • Size

    2KB

  • Sample

    230507-1mxjfsfh72

  • MD5

    df74ae4f1c9b9e49871bf744653cb29c

  • SHA1

    0ab311fb063c1e45bf7c9c638d801aa9d158d4e7

  • SHA256

    6a2ef81132e27e538d59e4e49ca1bc79abf88a568c4f1099ee867a8b167962da

  • SHA512

    a715e9917244099fc8f1fd7b4f7d4ba0a8021de129a5bcd930b1d21715ae56611522f399fa0321e8ee8ca45e07de20a694edcebcaf59c4d8cc4864e039778af7

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry
