Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

hfw0xBaK.html

windows10-1703-x64

hfw0xBaK.html

windows10-2004-x64

6

Resubmissions

07/05/2023, 21:46

230507-1mxjfsfh72 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hfw0xBaK

  • Size

    2KB

  • Sample

    230507-1mxjfsfh72

  • MD5

    df74ae4f1c9b9e49871bf744653cb29c

  • SHA1

    0ab311fb063c1e45bf7c9c638d801aa9d158d4e7

  • SHA256

    6a2ef81132e27e538d59e4e49ca1bc79abf88a568c4f1099ee867a8b167962da

  • SHA512

    a715e9917244099fc8f1fd7b4f7d4ba0a8021de129a5bcd930b1d21715ae56611522f399fa0321e8ee8ca45e07de20a694edcebcaf59c4d8cc4864e039778af7

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      hfw0xBaK

    • Size

      2KB

    • MD5

      df74ae4f1c9b9e49871bf744653cb29c

    • SHA1

      0ab311fb063c1e45bf7c9c638d801aa9d158d4e7

    • SHA256

      6a2ef81132e27e538d59e4e49ca1bc79abf88a568c4f1099ee867a8b167962da

    • SHA512

      a715e9917244099fc8f1fd7b4f7d4ba0a8021de129a5bcd930b1d21715ae56611522f399fa0321e8ee8ca45e07de20a694edcebcaf59c4d8cc4864e039778af7

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks