General

Target: youdao.exe
Size: 149.7MB
Sample: 231125-n6e3asad58
MD5: 9ef442a14466a39c0572074fcce348dd
SHA1: cfa1846cf9b13f166fffd67ad02d4b7e2a884ee3
SHA256: c13b78ce599d4096fe6f1a02d603e782e7367e1511c993d9a19e8bc8a95311a5
SHA512: 5425887977db130c3ab2cba7e5829c55e77331b388f76acbd9f73467845ff9bb1fe6655d1e5b6cacb4f12b468aeedf5266dc27b027b7e2baf7a0ca1d14a50877
SSDEEP: 3145728:k63TD1pRKegKHA5jMNFyymEOsEvtd+MKqaXHFVhHMCJDe9:kwTBp0eMYFyyxOsEld+MKjXlYC5e9
Static task: static1
Behavioral task: behavioral1 (sample youdao.exe, resource win7-20231023-en)
Behavioral task: behavioral2 (sample youdao.exe, resource win10-20231020-en)
Malware Config
Targets

Target: youdao.exe
Size: 149.7MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above

Signatures:
- Detect Blackmoon payload
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)

Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (1)
  - Disable or Modify Tools, T1562.001 (1)
- Modify Registry, T1112 (1)