Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Resubmissions

04/02/2024, 20:53 UTC

240204-zppqysaee3 10

18/12/2023, 05:04 UTC

231218-fqrgdsaeh8 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec91ef3c4c02b6c8aff61058bf0b2bb013e2e6a2ee6c805c6d07ad0ae46fa9d1

  • Size

    735KB

  • Sample

    231218-fqrgdsaeh8

  • MD5

    9f5cb3a9a4053a53063a9da9afbf6273

  • SHA1

    b1ad9fe9cd4e8ddf11909751a2e0334c86ff206e

  • SHA256

    ec91ef3c4c02b6c8aff61058bf0b2bb013e2e6a2ee6c805c6d07ad0ae46fa9d1

  • SHA512

    aaa720bb50f26f0508f1a3403da7189e7915c5663f08b35dd35299bfb6815c3f20bfb143d35cb57a0a95f623505809434ec28ecb7b90374e674a40381c079b26

  • SSDEEP

    12288:xYRY4kQvFK/hSB8W5yWz2izHvqIknzbUtaD0Drt+/wQVbAV:/48SB8W5lzfqIknzCaoDWwWA

Score
10/10
gluptebarhadamanthysdiscoverydropperevasionloaderpersistencerootkitspywarestealertrojanupx

Malware Config

Targets

    • Target

      ec91ef3c4c02b6c8aff61058bf0b2bb013e2e6a2ee6c805c6d07ad0ae46fa9d1

    • Size

      735KB

    • MD5

      9f5cb3a9a4053a53063a9da9afbf6273

    • SHA1

      b1ad9fe9cd4e8ddf11909751a2e0334c86ff206e

    • SHA256

      ec91ef3c4c02b6c8aff61058bf0b2bb013e2e6a2ee6c805c6d07ad0ae46fa9d1

    • SHA512

      aaa720bb50f26f0508f1a3403da7189e7915c5663f08b35dd35299bfb6815c3f20bfb143d35cb57a0a95f623505809434ec28ecb7b90374e674a40381c079b26

    • SSDEEP

      12288:xYRY4kQvFK/hSB8W5yWz2izHvqIknzbUtaD0Drt+/wQVbAV:/48SB8W5lzfqIknzCaoDWwWA

    Score
    10/10
    gluptebarhadamanthysdiscoverydropperevasionloaderpersistencerootkitstealertrojanupxspyware

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Modifies boot configuration data using bcdedit

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

3
T1562

Disable or Modify Tools

3
T1562.001

Modify Registry

6
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.