
General

  • Target

    11fc825e7ee3156e9ab4a47e01d05820

  • Size

    824KB

  • Sample

    231230-h6gm8scde7

  • MD5

    11fc825e7ee3156e9ab4a47e01d05820

  • SHA1

    c0531cfd6e692227a1d1c91623e3842635477f8c

  • SHA256

    98c0aa5d72889e324c8651ee538e777a136d59d1f9abfbd4d59c20fc66ff0836

  • SHA512

    ced2c223281c8611f959b5527950c5e058da6561e12b3dfced9dbab16396212f37214ba1f7da88df584db1fdb93d4cd277ddd947558f46578b8bdee304083eba

  • SSDEEP

    12288:PpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsIX+pd167QhEXn:PpUNr6YkVRFkgbeqeo68FhqtE6Eh

Malware Config

Targets

    • Target

      11fc825e7ee3156e9ab4a47e01d05820

    • Size

      824KB

    • MD5

      11fc825e7ee3156e9ab4a47e01d05820

    • SHA1

      c0531cfd6e692227a1d1c91623e3842635477f8c

    • SHA256

      98c0aa5d72889e324c8651ee538e777a136d59d1f9abfbd4d59c20fc66ff0836

    • SHA512

      ced2c223281c8611f959b5527950c5e058da6561e12b3dfced9dbab16396212f37214ba1f7da88df584db1fdb93d4cd277ddd947558f46578b8bdee304083eba

    • SSDEEP

      12288:PpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsIX+pd167QhEXn:PpUNr6YkVRFkgbeqeo68FhqtE6Eh

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
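The signatures above name concrete host artifacts: Winlogon Shell/Userinit tampering, Run and policy Run keys, the DisableRegistryTools policy value, UAC state, an autorun.inf at a drive root, and a fresh file in System32. The read-only triage script below checks each of those locations on a suspect Windows host. It is an added example, not part of the tria.ge report and not code from the sample; it assumes stock default values for Winlogon Shell (explorer.exe) and Userinit (system32\userinit.exe,), and the seven-day window for System32 writes is an arbitrary choice for illustration. Run it from an elevated PowerShell prompt.

```powershell
# Added host-triage script for the artifacts named in the report's signatures.
# Read-only: it only reads registry values and file metadata. Run elevated.
# Assumed defaults: Shell = explorer.exe, Userinit = <SystemRoot>\system32\userinit.exe,

$findings = [System.Collections.Generic.List[string]]::new()

function Get-RegValues {
    # Return the real registry values under $Path, minus the provider bookkeeping properties
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    $item.PSObject.Properties |
        Where-Object { $_.Name -notin 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider' }
}

# 1. "Modifies WinLogon for persistence": Shell and Userinit run at every logon
$wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
if ($wl.Shell -and $wl.Shell -ne 'explorer.exe') {
    $findings.Add("Winlogon Shell modified: $($wl.Shell)")
}
$userinitDefault = "$env:SystemRoot\system32\userinit.exe,"
if ($wl.Userinit -and $wl.Userinit -ne $userinitDefault) {
    $findings.Add("Winlogon Userinit modified: $($wl.Userinit)")
}

# 2. "Adds Run key" / "Adds policy Run key": list every entry for review.
#    Policy Run keys are less commonly inspected than the plain Run keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $runKeys) {
    foreach ($v in (Get-RegValues $key)) {
        $findings.Add("run entry: $key\$($v.Name) = $($v.Value)")
    }
}

# 3. "Disables RegEdit via registry modification": DisableRegistryTools policy value
foreach ($key in 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System') {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.DisableRegistryTools -ge 1) {
        $findings.Add("DisableRegistryTools=$($p.DisableRegistryTools) in $key")
    }
}

# 4. "UAC bypass" / "Checks whether UAC is enabled": current UAC configuration
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
if ($uac.EnableLUA -eq 0) { $findings.Add('UAC disabled (EnableLUA=0)') }
if ($uac.ConsentPromptBehaviorAdmin -eq 0) { $findings.Add('UAC elevates admins silently (ConsentPromptBehaviorAdmin=0)') }

# 5. "Drops autorun.inf file": check the root of every filesystem drive and show its contents
foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $d.Root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        $findings.Add("autorun.inf present: $inf")
        Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
            ForEach-Object { $findings.Add("    $_") }
    }
}

# 6. "Drops file in System32 directory": executables written in the last 7 days (assumed window)
$cutoff = (Get-Date).AddDays(-7)
Get-ChildItem -Path "$env:SystemRoot\System32\*" -Include *.exe,*.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object { $findings.Add("recent System32 file: $($_.FullName) ($($_.LastWriteTime))") }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Two caveats when reading the output. A Run entry is not suspicious by location alone here: this sample drops into System32, so an entry pointing under the Windows directory still deserves a look, and the script deliberately lists every entry rather than filtering by path. The System32 check is noisy right after Windows Update, so compare the listed files against a clean reference host or their Authenticode signatures before acting on them.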

MITRE ATT&CK Enterprise v15

Tasks