General

  • Target

    Unit_2-136-141.pdf

  • Size

    872KB

  • Sample

    231114-rp3ntach2x

  • MD5

    9b270fa4f49fdd7e270470e9142cee7d

  • SHA1

    b113aecd6e35e149ac83a67c0bae848289b0d8ed

  • SHA256

    94224c4d601e86418da3906b0e08435507d8e3b617a87b41ff5c3bc33eb22fe0

  • SHA512

    d1ed217e9e135062e91fbb84b6844f471133dac4163ae54c61b9d5117939ec0b36d166eb8698b5dd50ebe3f7a2c9dc646139af5cf5daafa6e99d03336b18d93b

  • SSDEEP

    24576:EEb0T2IIq1N4m/DI4aJc0VwcGTCqIijLLzK:EHOODzaVVdkCqIivLG

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15