Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
02db6c6dd0119ae4dd092c95269ef0fa
-
Size
104KB
-
Sample
231229-y3psfaahbp
-
MD5
02db6c6dd0119ae4dd092c95269ef0fa
-
SHA1
0c847bd4af6ef9eb9da384374fb70117be59150d
-
SHA256
1e835832f440f1a949ff14547bfe943013f5211e3d5ad80632048554861d70ee
-
SHA512
b83eef9cd127287da84fc6682b2cf84a1e6961d961fc6b194150ccce15fbdf5dae273a584041d39ffbabb7a55a7e922e43e1be8e67c1dce782360fb31f9d966b
-
SSDEEP
3072:lQ5faGko6CFrbJKARb0WQ9FSE1Fk8jwaaHw7Koj4rgdy:61afCF3IO0WmFR
Malware Config
Targets
-
-
Target
02db6c6dd0119ae4dd092c95269ef0fa
-
Size
104KB
-
MD5
02db6c6dd0119ae4dd092c95269ef0fa
-
SHA1
0c847bd4af6ef9eb9da384374fb70117be59150d
-
SHA256
1e835832f440f1a949ff14547bfe943013f5211e3d5ad80632048554861d70ee
-
SHA512
b83eef9cd127287da84fc6682b2cf84a1e6961d961fc6b194150ccce15fbdf5dae273a584041d39ffbabb7a55a7e922e43e1be8e67c1dce782360fb31f9d966b
-
SSDEEP
3072:lQ5faGko6CFrbJKARb0WQ9FSE1Fk8jwaaHw7Koj4rgdy:61afCF3IO0WmFR
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1