General
- Target: 09751399.exe
- Size: 4.2MB
- Sample: 230527-k1wajsbg5z
- MD5: 289257051a7e30f837a00b4186b47501
- SHA1: 322971cb7da2f62756e505ea8ba036462514c1bf
- SHA256: 433ec815318e439551d66ddf3c605ba7da5e966b671107b425f73262d39a9c83
- SHA512: 028854277ad817627f3070f0648bd546b2cc0a5c3ed220b1596725a41c934a9c62eb8f23c6e71619ea0c6c2d625b23c8a2ce03ca4eba016539a2134f4057bc26
- SSDEEP: 98304:aHVVp2uqi61tX39zbn2cQKXNes4aMrVfmxWuRZxuBKBOBL:aFYzTXNH2c3eKokxlRfC
Static task: static1
Behavioral task: behavioral1
- Sample: 09751399.exe
- Resource: win7-20230220-en
Malware Config
Targets
- Target: 09751399.exe (4.2MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory