General
- Target: b2708878dad61b995b1e3bfbc751e9c34aeeb8a2375801b9c6ab141c4745ffdc
- Size: 4.2MB
- Sample: 231013-chk3vscb37
- MD5: 654f6e4d8591ade35d32cf2f91cdfdf2
- SHA1: 1626099f8c06fe6d170d154d9305367f66469bbe
- SHA256: b2708878dad61b995b1e3bfbc751e9c34aeeb8a2375801b9c6ab141c4745ffdc
- SHA512: ae2b31fb228e134a668dcbab0ae1be453cab55229efc3a0cfd271d2a0bff0bb461a8621cd304ef65444bab05cc517d6882eaea0a61d76cef6d6a81a7d903e4e6
- SSDEEP: 98304:GQsdI15XMGsIqG7jK1nlxDBWJo0zqoXlBjYH:9sdI/M9mGJvBuo02oXlB0
Static task: static1
Behavioral task: behavioral1
- Sample: b2708878dad61b995b1e3bfbc751e9c34aeeb8a2375801b9c6ab141c4745ffdc.exe
- Resource: win7-20230831-en
Malware Config
Targets
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)