General

  • Target

    1392f2f4e3fcc90faf09d722e4059f0a

  • Size

    688KB

  • Sample

    231230-kjfhrsdgg7

  • MD5

    1392f2f4e3fcc90faf09d722e4059f0a

  • SHA1

    3e1a946887bbab52bc3f5064cc6b038aea0b8854

  • SHA256

    60bc5f9ac42e9bc88f810dcd2f370cf8f938542c90a42a42eaef4331812a6d54

  • SHA512

    1be6db21f06edf882ed16d8e2008753cddf60936c5223ad90549e94199ba6617edd2ac5da2cb5f842d3895b8379cc32787780988e7091886ae21e32b600b7629

  • SSDEEP

    12288:IjkArEN249AyE/rbaMct4bO2/VQ2Rw2AuAawbVlKhnSCwmYEQJNohHxNG+:TFE//Tct4bOsdHx0bMSjmYEEEHxE+

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks