Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

13b00a599a...c8.exe

windows7-x64

8

13b00a599a...c8.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13b00a599adf4a61890cbd91445d2ec8.bin

  • Size

    13.4MB

  • Sample

    231016-cy7xkadd27

  • MD5

    13b00a599adf4a61890cbd91445d2ec8

  • SHA1

    d06563a69e4451da10481d71ddb0610519ad017f

  • SHA256

    9a41f8fdcbe631d597a9902ee78f384d7518e6508274a494188a78c531657e56

  • SHA512

    0ece9a759d561d3786c45e0dd0d255f650b421bf95a62bb96edceecbe12d68fa1d84a5468c099cd8dceb4cdf62a6781864fff6150aca30d630d256f5481eac23

  • SSDEEP

    393216:FZRT1dK3sROLQ1iP0pmj4taHcOZGTwjSIG/EBpKZkWd:FZRT1dK3sROLQ1iP0pmj4taHcOZGwOIa

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      13b00a599adf4a61890cbd91445d2ec8.bin

    • Size

      13.4MB

    • MD5

      13b00a599adf4a61890cbd91445d2ec8

    • SHA1

      d06563a69e4451da10481d71ddb0610519ad017f

    • SHA256

      9a41f8fdcbe631d597a9902ee78f384d7518e6508274a494188a78c531657e56

    • SHA512

      0ece9a759d561d3786c45e0dd0d255f650b421bf95a62bb96edceecbe12d68fa1d84a5468c099cd8dceb4cdf62a6781864fff6150aca30d630d256f5481eac23

    • SSDEEP

      393216:FZRT1dK3sROLQ1iP0pmj4taHcOZGTwjSIG/EBpKZkWd:FZRT1dK3sROLQ1iP0pmj4taHcOZGwOIa

    Score
    8/10
    persistenceevasion

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Modifies boot configuration data using bcdedit

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks