Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3970c8a14a7cf30f3a8a8bf09f3a674309279459dfbacaa7aca34b7058a78dff.zip
-
Size
2.3MB
-
Sample
231105-mqs4jsgc47
-
MD5
2b01310dd150c6209df0563b6d63fec8
-
SHA1
e0d43311393ca196bd51beba7529a674e3fde25b
-
SHA256
1770f9cc5e8a79a1603afdfd4dc7292a634470558d8ca3cca1226013de899959
-
SHA512
6f81b39a5921d0f386cc99c23c0f1a1c33a8f60d8f8b407d88ca9e7150fbb745140e1a4bc3c1b143a9fabf26f8e400106ac7853ef5ea3abcebb038e51157c529
-
SSDEEP
49152:te4pyVun1ATfPMi8RU/4Axg3gAViVvElup4PhGAVmtnSQ/e30:OSK0xAi3TsDCpVOSQ/e30
Static task
static1
Behavioral task
behavioral1
Sample
3970c8a14a7cf30f3a8a8bf09f3a674309279459dfbacaa7aca34b7058a78dff.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
3970c8a14a7cf30f3a8a8bf09f3a674309279459dfbacaa7aca34b7058a78dff.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
3970c8a14a7cf30f3a8a8bf09f3a674309279459dfbacaa7aca34b7058a78dff.exe
-
Size
2.5MB
-
MD5
f9a4d1e59de045cf7c3f637f4ac835d5
-
SHA1
2d44fb5a4b24d192d85b5b19b29e34648c37d879
-
SHA256
3970c8a14a7cf30f3a8a8bf09f3a674309279459dfbacaa7aca34b7058a78dff
-
SHA512
be9362eaec646944dee293cbc3173c5c9117957d122f875e249698c90115a45a02c96937c7216600eb3edb9d56bd4e847088ffdfba543a12902cbf6ace7855e8
-
SSDEEP
49152:TRsbrrrrrrrsWihVr5+X2c6BMWpAYdXRB8XtcK1rtBlZk70AnDWlELgHN:TRsbrrrrrrrsrh13JyWp9R6X6KvTW7UJ
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1