General
Target: 02af3d92d91868e43816176f863198c0
Size: 1.9MB
Sample: 231224-sdt3zaahhr
MD5: 02af3d92d91868e43816176f863198c0
SHA1: 31f1e1714679c01d4d2907dadc581f2d33d75a6f
SHA256: 790518417aa8fab82b5a25c12a0ccc6b2c72be5a57ecd4b1e95e03d36c10a16e
SHA512: e12968bb76d828628665788f4b1a17a31d1c9132c6055d406694a3f2052b90c8f373f1663b9281bd8e0696dbb07b0caab27c4b8b64a8bafece17eaf0f5b1a6a0
SSDEEP: 24576:9JeJfAqkjp98zHpieds4w2Dsj1dEcBcA9nPno/igr1:7eJfAJGpLDw2De1WcTnPTM
Static task: static1
Behavioral task: behavioral1
  Sample: 02af3d92d91868e43816176f863198c0.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 02af3d92d91868e43816176f863198c0.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 02af3d92d91868e43816176f863198c0
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
Defense Evasion
  Modify Registry: 3
  Subvert Trust Controls: 1
    Install Root Certificate: 1