General

  • Target

    e6f93bea28f6b9d362ae02eef187d369cb6b81cf01558df5a499429aa2ebc771

  • Size

    1.0MB

  • Sample

    231002-cfw3cage76

  • MD5

    b120dc868a8ccc79f8fa9546942c17ca

  • SHA1

    68dfb5cc5f325e957ab1bd03d31c2815db29e093

  • SHA256

    e6f93bea28f6b9d362ae02eef187d369cb6b81cf01558df5a499429aa2ebc771

  • SHA512

    882836ba95a032602a15b7505356e8b1b6fb61c7ec84abf4cb9719afe0a068bb2ef14e83bc8298125c8d9adf6a45621a6f83f78ed8569352e2dd007a37b1e78d

  • SSDEEP

    24576:TyxbRNCaPD7nb5/47ftxIqA8cHPpPGfOpLHzWjOrpON:mxbRNCGbwft/4vpPGfOpLTWjl

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
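The two persistent changes the signatures above describe, Defender real-time protection being switched off and a Run key being added for a dropped executable, can be checked for on a host after the fact. The script below is an added example and is not part of the tria.ge report or of any Healer analysis; it reads the documented Windows Defender policy and preference locations and the standard Run/RunOnce keys, and the "suspicious path" heuristic (Run entries pointing into AppData, Temp, ProgramData, Users\Public or Downloads, where dropped EXEs usually land) is this example's own assumption, not a signature from the report. Run it in an elevated PowerShell session on a host you suspect; the Get-MpPreference call needs the Defender cmdlets and is skipped silently where they are absent.

```powershell
# Added example, not from the tria.ge report: audit a Windows host for
# Defender real-time protection tampering and Run-key persistence.
# Registry paths are the documented Defender policy/preference and Run
# locations; the suspicious-path regex is an assumption of this example.

$defenderKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
)
# Values that, when set to 1, disable a component of real-time protection.
$tamperValues = @(
    'DisableRealtimeMonitoring',
    'DisableBehaviorMonitoring',
    'DisableOnAccessProtection',
    'DisableIOAVProtection',
    'DisableScanOnRealtimeEnable'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-DefenderTamperFindings {
    # Registry side: policy keys win over user preferences, so check both.
    foreach ($key in $defenderKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $tamperValues) {
            $v = $props.$name
            if ($null -ne $v -and [int]$v -eq 1) {
                [pscustomobject]@{ Kind = 'DefenderTamper'; Location = $key; Name = $name; Value = $v }
            }
        }
    }
    # Effective state as the Defender service itself reports it (needs the Defender module).
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($pref -and $pref.DisableRealtimeMonitoring) {
        [pscustomobject]@{ Kind = 'DefenderTamper'; Location = 'Get-MpPreference'; Name = 'DisableRealtimeMonitoring'; Value = $true }
    }
}

function Get-RunKeyFindings {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, PSChildName, PSDrive, PSProvider; skip them.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Heuristic (assumption): autostart entries launching from user-writable
            # directories are where a dropped EXE is usually registered.
            $suspicious = $cmd -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\'
            [pscustomobject]@{ Kind = 'RunKey'; Location = $key; Name = $p.Name; Value = $cmd; Suspicious = $suspicious }
        }
    }
}

Get-DefenderTamperFindings | Format-Table -AutoSize
Get-RunKeyFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A hit in the policy key (HKLM\SOFTWARE\Policies\...) with no matching Group Policy on the host is the stronger indicator, since legitimate administration normally sets it through GPO; a Run entry flagged as suspicious should be resolved to its file and hashed before being treated as the dropped EXE.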

MITRE ATT&CK Enterprise v15

Tasks