General
Target: 21c7481d44e9d15714818dc8548dbb9f
Size: 125KB
Sample: 231231-atrcxaggg8
MD5: 21c7481d44e9d15714818dc8548dbb9f
SHA1: cf49d2b9aefbc9f7e60ffc046d93914990b21786
SHA256: 0cf570871de8511e21928c032baafb1309be3faba8124c0a99f96261dc749fe3
SHA512: 75c5aee133c87875b9d22b06fb49b2746d401508540107429af2755b9f5e9edba31c88bf4a2b9265b33cffc72d393dc972dbaf6ca5b4d371d3969b96fdb96a63
SSDEEP: 3072:MIXs68BY9oTwGNeFxEMDJCZoYzuNR9FkmuGYy:78XTUGNeFTCZoYyNRgmCy
Static task: static1
Behavioral task: behavioral1
Sample: 21c7481d44e9d15714818dc8548dbb9f.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 21c7481d44e9d15714818dc8548dbb9f.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 21c7481d44e9d15714818dc8548dbb9f
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of file extensions in Explorer
Modifies visibility of hidden/system files in Explorer
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Drops startup file
Adds Run key to start application
Modifies WinLogon
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (2)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (2)