General

  • Target

    MalRepairToolkitSetup.exe

  • Size

    6.0MB

  • Sample

    231001-nbczfsab7t

  • MD5

    23f2491a8116caf1d2b1f5b39676577f

  • SHA1

    5f51b6110c8f1cdea547ff873778e24cb6b20596

  • SHA256

    a44aaca64d14fa31d3752ae67fe709a3cdec6369f4547792cbe60e4a1f945bf8

  • SHA512

    535ec265ba12da399e8d73f6f7305ddea1bc50a804ae8d09e219ad7819da63bc3949495eda888b66c59ef6628651b266125161187e100e1e24d668732458d187

  • SSDEEP

    98304:00xNLNQWgAERBO59FQr58uXfCB52ceG6XKALJE/mQmN+fmYmVzgdgoB9H:1xNufAVucP6XKk0m9N+fmYmXoTH

Malware Config

Targets

    • Target

      MalRepairToolkitSetup.exe

    • Size

      6.0MB

    • MD5

      23f2491a8116caf1d2b1f5b39676577f

    • SHA1

      5f51b6110c8f1cdea547ff873778e24cb6b20596

    • SHA256

      a44aaca64d14fa31d3752ae67fe709a3cdec6369f4547792cbe60e4a1f945bf8

    • SHA512

      535ec265ba12da399e8d73f6f7305ddea1bc50a804ae8d09e219ad7819da63bc3949495eda888b66c59ef6628651b266125161187e100e1e24d668732458d187

    • SSDEEP

      98304:00xNLNQWgAERBO59FQr58uXfCB52ceG6XKALJE/mQmN+fmYmVzgdgoB9H:1xNufAVucP6XKk0m9N+fmYmXoTH

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks