Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

666.exe

windows7-x64

666.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    666.exe

  • Size

    4.0MB

  • Sample

    231014-bntfrahd71

  • MD5

    fb06afbe05e9006fb0974b34db9b3e47

  • SHA1

    798adfdf387a81d4e4784508b1c7a45c2574e5fb

  • SHA256

    4958c554787a589449e918fc5e3acc61b0ca61fdbf7ce0b658d4f60e2052f48e

  • SHA512

    5a7d0ae0e43cce249f4a8bd1239697a36b6f903336b23dd0b9c7aec415e0209dd24385e4f90d14a911208214415625f4a90ac490c1439f48be34cabde1c89080

  • SSDEEP

    49152:zO24L/Por4CZ8BSnxlGWJzV89A6E2Lfv/jMuxB4sbD3IqSq+3:zDIMdD89aSlxBx3

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      666.exe

    • Size

      4.0MB

    • MD5

      fb06afbe05e9006fb0974b34db9b3e47

    • SHA1

      798adfdf387a81d4e4784508b1c7a45c2574e5fb

    • SHA256

      4958c554787a589449e918fc5e3acc61b0ca61fdbf7ce0b658d4f60e2052f48e

    • SHA512

      5a7d0ae0e43cce249f4a8bd1239697a36b6f903336b23dd0b9c7aec415e0209dd24385e4f90d14a911208214415625f4a90ac490c1439f48be34cabde1c89080

    • SSDEEP

      49152:zO24L/Por4CZ8BSnxlGWJzV89A6E2Lfv/jMuxB4sbD3IqSq+3:zDIMdD89aSlxBx3

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Sets file execution options in registry

      persistence

    • Modifies system executable filetype association

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Modifies WinLogon

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

2
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

2
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

8
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1
T1491

Inhibit System Recovery

1
T1490

Tasks