General
- Target: main.exe
- Size: 82.5MB
- Sample: 230724-cg2zzshe67
- MD5: 1e6f75bc5ed093e5c87a8abc9792afa1
- SHA1: 038a9b3e253a383a1de435b410a1cd2c5037631f
- SHA256: 19774a82c2c0a4d872e60a3fa062c3e44cf4e9f3504e0501112f58437e7654ad
- SHA512: 9e34447b98efa11809bfbef37b64be14c20d9aebb0b49899b3e3ffa86e1ce1fb0a5d27a791b9e8a46ebbeae12882404e91214dc2e5957a2f4340d276f0dd4af9
- SSDEEP: 1572864:h1QtatodMkRCtQkTMT2Zr9yre77nD0C2Q0Q/KZYlct2uC9b2R23Sb/U3viOmWvHs:/rkkQkTyCAS/D1SQct2uC9b2xM3v3mwM
Malware Config
Targets
- Target: main.exe
Signatures
- Disables RegEdit via registry modification
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Hide Artifacts (2)
    - Hidden Files and Directories (2)
  - Impair Defenses (1)
    - Disable or Modify Tools (1)
  - Modify Registry (2)