General

  • Target: abe0a71622dc48c4176e92bdf436a83a7cf4b2ee7c7c8222610c7c5d164ee340
  • Size: 1.4MB
  • Sample: 231014-cjk49aba7v
  • MD5: ae9e85d6e11f83b95812c072249bd504
  • SHA1: e0f4bcef2a2e0501b06e4a45a5f0063ce1e5c644
  • SHA256: abe0a71622dc48c4176e92bdf436a83a7cf4b2ee7c7c8222610c7c5d164ee340
  • SHA512: 8752e01e26096cf44986119c7a04fba03a11587f48183b1aebca82a9ef2a0bafaca370ab385c8ca0fc29d922745d4854bf9743083d962e7fe5fd4f6fcf19b10b
  • SSDEEP: 24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application
