General

  • Target

    message (32).txt

  • Size

    1002KB

  • Sample

    230613-mrcsysfg87

  • MD5

    0c7bb34d0233738a5f1c2c1c44e3c67e

  • SHA1

    3d3d4251e73fc20e1eb41d48e8834d3b2fcabb73

  • SHA256

    6d4b4c15da0e3a7b40d68891cacde7cd0cc318a668240a28b806e2f63b6096a0

  • SHA512

    79659abb3b8e3c9729bdc53b7387e3a178c5eb68f9d1e75d56350c56397e871bb4f797cd8955757dd64061a639c96fd3c21a75d32bfc5cd523c70fd56340dd7d

  • SSDEEP

    24576:7Vj33KWe/JBkrZ260W97qLP9dh771rNw978z7uN7KrP3:7Vj33KWe/JBkrZ260W97qLP9dh771rNt

Malware Config

Targets

    • Creates new service(s)

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Stops running service(s)

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks