Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

092c84f0a5...b2.exe

windows7-x64

8

092c84f0a5...b2.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    092c84f0a5edadbb5ae1f5db0570f0b2

  • Size

    268KB

  • Sample

    231224-wbknaschb7

  • MD5

    092c84f0a5edadbb5ae1f5db0570f0b2

  • SHA1

    44f9d10ad1102f8dcdb5fb250098ff385830d08b

  • SHA256

    4cd684c3792c1cea5e574fa967813befc6c0ca518ab33c21bfeb7436ef40d3bb

  • SHA512

    6cad81688c6ce46977ec55d9b6340cec89daf9a29612fa75ed928abe9911329c2e5243835ac2538916245bea5906cb43388562426bd749af47d7f1563cc53df5

  • SSDEEP

    6144:pdElw6RcPnD1wRTxwGxMJcuF3ifkFmoAHSZ1C9MaZn:klgDaR6yMSuF0kFJAHw1C+6

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      092c84f0a5edadbb5ae1f5db0570f0b2

    • Size

      268KB

    • MD5

      092c84f0a5edadbb5ae1f5db0570f0b2

    • SHA1

      44f9d10ad1102f8dcdb5fb250098ff385830d08b

    • SHA256

      4cd684c3792c1cea5e574fa967813befc6c0ca518ab33c21bfeb7436ef40d3bb

    • SHA512

      6cad81688c6ce46977ec55d9b6340cec89daf9a29612fa75ed928abe9911329c2e5243835ac2538916245bea5906cb43388562426bd749af47d7f1563cc53df5

    • SSDEEP

      6144:pdElw6RcPnD1wRTxwGxMJcuF3ifkFmoAHSZ1C9MaZn:klgDaR6yMSuF0kFJAHw1C+6

    Score
    8/10
    bootkitpersistence

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks