Resubmissions

Submitted            Analysis ID          Score
29/06/2023, 02:37    230629-c36v3acf8y    8
04/06/2023, 17:51    230604-we6pyadf2s    7
04/06/2023, 17:49    230604-weeapada36    7
04/06/2023, 17:36    230604-v6lcmsde5w    8

General

  • Target

    MEMZ × ADZP 20 Complex.exe

  • Size

    387KB

  • Sample

    230629-c36v3acf8y

  • MD5

    580ccf644a5efb8b9d0157ea6b0049ab

  • SHA1

    dd4433c9c670cef10344f3d52a4397a520404a7e

  • SHA256

    e5c2683f7a605712f83903c9272d7d4bc0b03d8399595d7ae88189b38db2ae84

  • SHA512

    402497966cc73cb3d87d3ce72fc08372c996b790c6535253d01604b007b57d9efdcb2bf8e96f9a1418dd23632bb314d9de3c7fcc552d42fab3c11ee47fdd9136

  • SSDEEP

    12288:actEagGmcl4gBF1BRnI6hAVebOe1gsT+tcVtQ:TR+cl7X1BRnI6hmebOe1gmLQ

Malware Config

Targets

    • Target

      MEMZ × ADZP 20 Complex.exe

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Modifies file permissions

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
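The MBR signature above says the sample persists below the operating system by overwriting the first sector. The check an analyst wants after a sandbox raises this is to pull the first 512 bytes of the disk, confirm the sector still looks like an MBR, and compare the boot code against a known-good baseline. The Python below is an added example, not code from tria.ge or from the sample; the sector contents, the placeholder boot code and the partition layout are all constructed for the demonstration.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_END = 440            # bytes 0..439 hold the bootstrap code; 440..443 is the disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 mark a bootable sector
PART_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte MBR from bootstrap bytes and (status, type, lba_start, sectors) tuples.
    Constructed test data only; the boot code is a placeholder, not a real loader."""
    if len(bootcode) > BOOTCODE_END:
        raise ValueError("boot code too long")
    buf = bytearray(MBR_SIZE)
    buf[:len(bootcode)] = bootcode
    for i, (status, ptype, lba, sectors) in enumerate(partitions[:4]):
        # CHS fields are left zeroed; modern tooling relies on the LBA fields
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, sectors)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


def parse_mbr(data):
    """Split a sector into its signature check, a hash of the boot code, and the used partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError("expected exactly %d bytes" % MBR_SIZE)
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, sectors = struct.unpack_from(PART_FMT, data, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 means an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": sectors})
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(data[:BOOTCODE_END]).hexdigest(),
        "partitions": partitions,
    }


def assess(mbr, baseline_hashes):
    """Compare a parsed MBR with a set of known-good boot code hashes; an empty list means no finding."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not bootable or was wiped")
    if mbr["bootcode_sha256"] not in baseline_hashes:
        findings.append("boot code hash %s... not in baseline: possible bootkit or MBR overwrite"
                        % mbr["bootcode_sha256"][:16])
    if not mbr["partitions"]:
        findings.append("partition table empty: possible wiper or overwrite of bytes 446..509")
    elif not any(p["bootable"] for p in mbr["partitions"]):
        findings.append("no active (0x80) partition: machine will not boot from this table")
    return findings


# Constructed placeholder standing in for a known-good loader (xor ax,ax; mov ss,ax; mov sp,7C00h; sti; nops)
GOOD_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 24
# Constructed layout: a 512 MiB active NTFS partition followed by a 4 GiB NTFS partition
PARTITIONS = [(0x80, 0x07, 2048, 1048576), (0x00, 0x07, 1050624, 8388608)]
CLEAN_MBR = build_mbr(GOOD_BOOTCODE, PARTITIONS)
BASELINE = {parse_mbr(CLEAN_MBR)["bootcode_sha256"]}

# Same disk after a bootkit-style overwrite: partition table kept, boot code replaced
ROGUE_BOOTCODE = b"\xb4\x0e\xb0\x41\xcd\x10\xeb\xfe"  # constructed: prints one character, then spins
TAMPERED_MBR = build_mbr(ROGUE_BOOTCODE, PARTITIONS)

# Same sector with everything but the signature zeroed, as a wiper would leave it
WIPED_MBR = build_mbr(b"", [])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("wiped", WIPED_MBR)):
        print(name, assess(parse_mbr(sector), BASELINE) or ["no findings"])
```

On a live Windows host the input is the first 512 bytes of \\.\PhysicalDrive0, read through an administrative handle, and the baseline hash should come from a known-good image of the same Windows version. The hash deliberately stops at offset 440: the boot code is generally identical across installs of one Windows version, while the 4-byte disk signature that follows it differs per disk and would otherwise make every host look tampered.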
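The autorun.inf signature above says the sample can spread through attached volumes. What matters in a dropped autorun.inf is whichever directive causes a file on the volume to run (open=, shellexecute=, or a shell\verb\command= entry), so a quick triage step is to parse the file and list exactly those. The Python below is an added example, not tria.ge's or the sample's code; both autorun.inf bodies are constructed for the demonstration.

```python
import configparser

# Keys that launch a file when the volume is inserted or the drive icon is opened
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return the [autorun] section of an autorun.inf body as a dict of lower-cased keys, or {}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":  # the section name is case-insensitive on Windows
            return dict(cp.items(section))
    return {}


def assess_autorun(text):
    """List the directives in an autorun.inf that cause code to run; [] means only cosmetic entries."""
    findings = []
    for key, value in parse_autorun(text).items():
        # ConfigParser lower-cases option names, so "Shell\Open\Command" arrives as "shell\open\command"
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            findings.append("%s launches %s" % (key, value))
        elif key == "shell":
            findings.append("shell makes %r the default verb for the drive" % value)
    return findings


# Constructed worm-style autorun.inf: three ways of running the same dropped binary
MALICIOUS_AUTORUN = """[AutoRun]
open=setup\\update.exe
shellexecute=setup\\update.exe
shell\\open\\command=setup\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Removable Disk
"""

# Constructed benign autorun.inf: only the icon and label are set
BENIGN_AUTORUN = """[autorun]
icon=driver.ico
label=Vendor Tools
"""

if __name__ == "__main__":
    print("malicious:", assess_autorun(MALICIOUS_AUTORUN))
    print("benign:", assess_autorun(BENIGN_AUTORUN))
```

Windows 7 and later, and older versions with the AutoRun hardening update applied, no longer honour autorun.inf on non-optical removable drives, so the launch directive only fires on unpatched legacy systems; the file is still a clear indicator of spreading intent, and the path it names tells you which dropped binary to pull from the volume.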

MITRE ATT&CK Enterprise v6

Tasks