General

  • Target

    autoruni.pee.exe

  • Size

    100KB

  • Sample

    230702-xzmm8sec5y

  • MD5

    aae219d4e703051d60351f73ca288d1d

  • SHA1

    1b28cbc3d27a92281ebf4754c27b9ac4a3a8c214

  • SHA256

    56947c93fb17d3339ff2a778556f4a4f95516fb5112db61ae0804ecdcf4d1307

  • SHA512

    c506e10cb96346729bbcf7001a2e686c22998c5b62cfff80319a6ab2e50031e96d7731b1cf5128a34d071779360be4ebacb28a2296651c80ba9e12650ef48af5

  • SSDEEP

    3072:J2MWsQvnyo/CtkgEcnz7fsmqLGnQ7eMDLyPexpZ:J2jsgpYtEcnzwlLFeMD2Pex

Malware Config

Targets

    • Target

      autoruni.pee.exe

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks