
General

  • Target

    ec18155938e24b931dda95ec709003fac79ce3df837f09d07569f12bc5d00055

  • Size

    994KB

  • Sample

    230930-s5ahmsde9z

  • MD5

    38811cf5e537c92383faf8486ed93d63

  • SHA1

    6218467d1bae0d3f14aba056b079af8aad6498bf

  • SHA256

    ec18155938e24b931dda95ec709003fac79ce3df837f09d07569f12bc5d00055

  • SHA512

    44b01b6d16d4621a9628538901596e7b620a50e4d86959feb974fc4437548c20dcee17a2d2229b15f78897c84a62293559e70e6cdb9d40d86a9bdc233900fe78

  • SSDEEP

    24576:9ySH5Ylea068blc51PeqSMYLuRe4J3PHqORDBV:YciM5va51WaYiR3J/KqD

Malware Config

Targets

    • Target

      ec18155938e24b931dda95ec709003fac79ce3df837f09d07569f12bc5d00055

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
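
The three behavioural signatures above that leave registry and file-system traces (Defender real-time protection tampering, Run-key persistence, execution of a dropped executable) can be reproduced from host telemetry. The following is an added example, not tria.ge's own signature logic and not code from the report: it evaluates constructed Sysmon-style events (EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent) against three rules whose names match the signatures on this page. The event dictionaries, the sample paths and the assumption that FileCreate is logged before the dropped file's ProcessCreate are all assumptions of the example; the Defender policy key path (`HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\Disable*`) and the `CurrentVersion\Run` / `RunOnce` keys are the documented Windows locations.

```python
import re

# Constructed Sysmon-style events for this example (not taken from the tria.ge report).
# id 11 = FileCreate, id 1 = ProcessCreate, id 13 = RegistryEvent (value set).
SAMPLE_EVENTS = [
    {"id": 11, "pid": 1234, "image": r"C:\Users\user\Desktop\sample.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\a1.exe"},
    {"id": 1, "pid": 2222, "parent": 1234,
     "image": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\a1.exe"},
    {"id": 13, "pid": 2222,
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "pid": 2222,
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "pid": 2222,
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a1",
     "details": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\a1.exe"},
    # Benign registry write that must not trigger any rule.
    {"id": 13, "pid": 3333,
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]

# Policy values under Real-Time Protection that switch a protection off when set to 1.
DEFENDER_RTP = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(Disable[A-Za-z]+)$", re.IGNORECASE)
# Per-user or machine-wide autostart entries.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# Sysmon renders DWORD values as "DWORD (0x00000001)".
DWORD = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUNKEY = "Adds Run key to start application"
SIG_DROPPED = "Executes dropped EXE"


def dword_value(details):
    """Return the integer behind a Sysmon DWORD rendering, or None for other data."""
    m = DWORD.fullmatch(details)
    return int(m.group(1), 16) if m else None


def evaluate(events):
    """Map each signature name to the evidence that fired it (empty dict if none)."""
    hits = {}
    dropped = set()  # lower-cased paths of .exe files written during the run
    for ev in events:
        if ev["id"] == 11 and ev["target"].lower().endswith(".exe"):
            dropped.add(ev["target"].lower())
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            # A process started from a file the sample itself wrote.
            hits.setdefault(SIG_DROPPED, []).append(ev["image"])
        elif ev["id"] == 13:
            m = DEFENDER_RTP.search(ev["target"])
            if m and dword_value(ev["details"]) == 1:
                hits.setdefault(SIG_DEFENDER, []).append(m.group(1))
            elif RUN_KEY.search(ev["target"]):
                hits.setdefault(SIG_RUNKEY, []).append(
                    ev["target"] + " -> " + ev["details"])
    return hits


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The Defender rule keys on the value being set to 1 rather than on the key path alone, so a policy that re-enables a protection (value 0) is not reported; the dropped-EXE rule is deliberately narrow (exact path match) and will miss a copy that is renamed between write and launch, which is the trade-off a sandbox signature makes to stay low-noise.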

MITRE ATT&CK Enterprise v15

Tasks