General
- Target: 01e6b8c6f9a783a38e5db34d0fac0786
- Size: 163KB
- Sample: 231229-yaqh9sfeh2
- MD5: 01e6b8c6f9a783a38e5db34d0fac0786
- SHA1: c47e0a1754a09d3488defc1f60bcf380d4befea1
- SHA256: e194c269292c77ec647d41b210f124caaf9a4e7f921be2b5e5568637bb8ca829
- SHA512: 0baec11b16bfe4528e0a094510d932244786c0a938184cc4729cb69cbacc1a47f9fa17f9ca3026db460b3567f1dd5151871e94f790d49bbcb0b3b9679bb74154
- SSDEEP: 3072:g887lQUdaQCFsISRmnHgUb0lNrGSHrOLbHg9PzZV4vK+OmnW:g83UsNqCSHiA9LZV4vK+dn
Static task: static1
Behavioral task: behavioral1
- Sample: 01e6b8c6f9a783a38e5db34d0fac0786.exe
- Resource: win7-20231215-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
- http://klkjwre77638dfqwieuoi888.info/
Targets
- Target: 01e6b8c6f9a783a38e5db34d0fac0786
- Size: 163KB
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)