Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
13b00a599adf4a61890cbd91445d2ec8.bin
-
Size
13.4MB
-
Sample
231016-cy7xkadd27
-
MD5
13b00a599adf4a61890cbd91445d2ec8
-
SHA1
d06563a69e4451da10481d71ddb0610519ad017f
-
SHA256
9a41f8fdcbe631d597a9902ee78f384d7518e6508274a494188a78c531657e56
-
SHA512
0ece9a759d561d3786c45e0dd0d255f650b421bf95a62bb96edceecbe12d68fa1d84a5468c099cd8dceb4cdf62a6781864fff6150aca30d630d256f5481eac23
-
SSDEEP
393216:FZRT1dK3sROLQ1iP0pmj4taHcOZGTwjSIG/EBpKZkWd:FZRT1dK3sROLQ1iP0pmj4taHcOZGwOIa
Static task
static1
Behavioral task
behavioral1
Sample
13b00a599adf4a61890cbd91445d2ec8.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
13b00a599adf4a61890cbd91445d2ec8.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
13b00a599adf4a61890cbd91445d2ec8.bin
-
Size
13.4MB
-
MD5
13b00a599adf4a61890cbd91445d2ec8
-
SHA1
d06563a69e4451da10481d71ddb0610519ad017f
-
SHA256
9a41f8fdcbe631d597a9902ee78f384d7518e6508274a494188a78c531657e56
-
SHA512
0ece9a759d561d3786c45e0dd0d255f650b421bf95a62bb96edceecbe12d68fa1d84a5468c099cd8dceb4cdf62a6781864fff6150aca30d630d256f5481eac23
-
SSDEEP
393216:FZRT1dK3sROLQ1iP0pmj4taHcOZGTwjSIG/EBpKZkWd:FZRT1dK3sROLQ1iP0pmj4taHcOZGwOIa
Score8/10-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Modifies boot configuration data using bcdedit
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1