General
Target: 00e8c742bece1d2166d148136f8bf13e
Size: 100KB
Sample: 231229-xf1ezshac5
MD5: 00e8c742bece1d2166d148136f8bf13e
SHA1: 3a636ccd8cb00f217562d3c38c1fd16364d7f81f
SHA256: 2d4e97a5599734c8a0060f8f6460659a7d3f8b0ee44f798d0e70887d2a9d9b59
SHA512: 8fe2e046d24a2c04abf8a25998c9e733b24651432611d293ace29332d69ea121df15955bca924a0ab197fc020393a688795ab06adc57bf681ec3a63147d6d1d4
SSDEEP: 1536:Vle0eUv2iN7fhA5BY+oVuVWuEWYJOvNVvCmOJTC50mwJ1Alj3jCPOK56u1zzuso:VYlBixJyBZsujv609wQjC2K56o0
Static task: static1
Behavioral task: behavioral1
Sample: 00e8c742bece1d2166d148136f8bf13e.exe
Resource: win7-20231215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (3)
Disable or Modify Tools (3)
Modify Registry (5)