General

  • Target

    7d386ac57d8ddc0e544e3a69641c68b8

  • Size

    157KB

  • Sample

    231220-crxs1sgbfq

  • MD5

    7d386ac57d8ddc0e544e3a69641c68b8

  • SHA1

    dfe78f65e0bfc96dbed20b8ab5ca9398ced30bd1

  • SHA256

    ad2aa8ad7e9f46168c811aae08adbe5e6ae58a8ff84cacd3aa0e630f84b08d14

  • SHA512

    b3394b83bb129877091c17b7eea655f30ae538c62c9c5a89ff89b71f395a366baca969db4d505d776b73ac27961849e23d1bfcb08243c76eb51b7e711cb63d46

  • SSDEEP

    3072:q1buCcJqcKxZe/3boPOkqNvfJTtmI5mPAZaQhSmWitCBNU:qGw5fybomlvfJTVmPAZaQhSmWitCBNU

Score
10/10

Malware Config

Targets

    Score
    9/10
    • Contacts a large (15439) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks