General
-
Target
9bbb3527fa49e57aedd8740130a1ea1da320e1a8ce768bc1e884010273b64be7
-
Size
1.5MB
-
Sample
231128-j3v7wsgd32
-
MD5
fb4eb25f8dc7685292534db502a6405f
-
SHA1
fecb32a482ff3a841f99fd44c034e28ea477bea4
-
SHA256
9bbb3527fa49e57aedd8740130a1ea1da320e1a8ce768bc1e884010273b64be7
-
SHA512
35ed8f546f9635b986cd85dca51248021f981cfa15d91deb761c7fadd0bd961f419d48ec50ace8dd7511def9a7563a4d7e9001df1ffc411c0fe69273f3298d02
-
SSDEEP
24576:YLFZeV9rUW3uRIgRNMj88q9s14+6fsqetItnwn56fTT3RO9q:2FgVIRIgRNMY8qq1bSsqEw/3x
Static task
static1
Behavioral task
behavioral1
Sample
9bbb3527fa49e57aedd8740130a1ea1da320e1a8ce768bc1e884010273b64be7.exe
Resource
win7-20231023-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3
Modify Registry: 5