General

  • Target

    a394e91fb22b6ec8842d6cba17500e5b912cbe7928200afbaea3c1600a37e207

  • Size

    135KB

  • Sample

    231226-gdx9vabgcl

  • MD5

    8b673de699530bd1927839e27a39aa99

  • SHA1

    5c76ac2c7eb4669416e3e58e409fa0310cc00b6d

  • SHA256

    a394e91fb22b6ec8842d6cba17500e5b912cbe7928200afbaea3c1600a37e207

  • SHA512

    bd5e7ae5c3e415daa01ba97bd6eed64c163587b3b83045bb851a5d629a840d27d0c41c246e26452af671cef42a7d6899534cd7077bf2e5fdf2887d6e19f3ead0

  • SSDEEP

    3072:q3DPy3RAZLmKm8z0mivhOG7QtloLtCXNcO+Xy2+ItVN9Qquf4+:q3Da3RkNZgaloY5Sy2+ItV9+

Score
8/10

Targets

    • Target

      6221新.exe

    • Size

      265KB

    • MD5

      4372635f940e9263290505d9bfdcbbe4

    • SHA1

      0ae3820396a771cb8f37cc95c3834fac7068c790

    • SHA256

      c0fef0c9cda8bc2da1f0743f9700dbddd58d342383ad598e2a834b7a6f8ae0e6

    • SHA512

      43de006727d7a72e1407416261818d41003ea619c64e053c4898ef53b023a7ce11d2ba9a7b6de7ec100bad1d20c389cb65f503075205f2bb936a6f11f928e5cc

    • SSDEEP

      3072:4EbUmOnQUneuV6yez7W8cnRKdkbuCuma2A6dPnP0A8dq8JOpe37VgEoY46LgjNED:4gQea6yez7W3RSkbu1N5sPTPizoh7D

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
