General

  • Target: 02db6c6dd0119ae4dd092c95269ef0fa
  • Size: 104KB
  • Sample: 231229-y3psfaahbp
  • MD5: 02db6c6dd0119ae4dd092c95269ef0fa
  • SHA1: 0c847bd4af6ef9eb9da384374fb70117be59150d
  • SHA256: 1e835832f440f1a949ff14547bfe943013f5211e3d5ad80632048554861d70ee
  • SHA512: b83eef9cd127287da84fc6682b2cf84a1e6961d961fc6b194150ccce15fbdf5dae273a584041d39ffbabb7a55a7e922e43e1be8e67c1dce782360fb31f9d966b
  • SSDEEP: 3072:lQ5faGko6CFrbJKARb0WQ9FSE1Fk8jwaaHw7Koj4rgdy:61afCF3IO0WmFR

Malware Config

Targets

    • Target: 02db6c6dd0119ae4dd092c95269ef0fa
    • Size: 104KB
    • MD5: 02db6c6dd0119ae4dd092c95269ef0fa
    • SHA1: 0c847bd4af6ef9eb9da384374fb70117be59150d
    • SHA256: 1e835832f440f1a949ff14547bfe943013f5211e3d5ad80632048554861d70ee
    • SHA512: b83eef9cd127287da84fc6682b2cf84a1e6961d961fc6b194150ccce15fbdf5dae273a584041d39ffbabb7a55a7e922e43e1be8e67c1dce782360fb31f9d966b
    • SSDEEP: 3072:lQ5faGko6CFrbJKARb0WQ9FSE1Fk8jwaaHw7Koj4rgdy:61afCF3IO0WmFR

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks