General
Target: 0f17b0d4320240b6109bc8a25f505e09
Size: 13.0MB
Sample: 231230-fgyjcagehr
MD5: 0f17b0d4320240b6109bc8a25f505e09
SHA1: 995e221404656216ce3ff4cd17f82b4b5bdd8c2c
SHA256: d0eff54fcc3e55633eaf0b74e3e757cd17ac81abe8015cca3496b3f10f9a45d5
SHA512: eeca32f1953961d360233613e10818c5398b36e57e888175099b005af646f00a3a82f8fb134690d1b1059ff5ec4fb5bd9ed21a692d68fbbc721b8ba35d74509a
SSDEEP: 24576:gT8rgnPp+RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRB:Qp+
Static task: static1
Behavioral task: behavioral1
  Sample: 0f17b0d4320240b6109bc8a25f505e09.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0f17b0d4320240b6109bc8a25f505e09.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: tofsee
  43.231.4.6
  lazystax.ru
Targets
Target: 0f17b0d4320240b6109bc8a25f505e09
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)