Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

11fc825e7e...20.exe

windows7-x64

10

11fc825e7e...20.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11fc825e7ee3156e9ab4a47e01d05820

  • Size

    824KB

  • Sample

    231230-h6gm8scde7

  • MD5

    11fc825e7ee3156e9ab4a47e01d05820

  • SHA1

    c0531cfd6e692227a1d1c91623e3842635477f8c

  • SHA256

    98c0aa5d72889e324c8651ee538e777a136d59d1f9abfbd4d59c20fc66ff0836

  • SHA512

    ced2c223281c8611f959b5527950c5e058da6561e12b3dfced9dbab16396212f37214ba1f7da88df584db1fdb93d4cd277ddd947558f46578b8bdee304083eba

  • SSDEEP

    12288:PpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsIX+pd167QhEXn:PpUNr6YkVRFkgbeqeo68FhqtE6Eh

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      11fc825e7ee3156e9ab4a47e01d05820

    • Size

      824KB

    • MD5

      11fc825e7ee3156e9ab4a47e01d05820

    • SHA1

      c0531cfd6e692227a1d1c91623e3842635477f8c

    • SHA256

      98c0aa5d72889e324c8651ee538e777a136d59d1f9abfbd4d59c20fc66ff0836

    • SHA512

      ced2c223281c8611f959b5527950c5e058da6561e12b3dfced9dbab16396212f37214ba1f7da88df584db1fdb93d4cd277ddd947558f46578b8bdee304083eba

    • SSDEEP

      12288:PpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsIX+pd167QhEXn:PpUNr6YkVRFkgbeqeo68FhqtE6Eh

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

5
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Tasks