General

  • Target

    274280c0f2dc2def2b1c732a5d24c596

  • Size

    99KB

  • Sample

    231231-ekttwseeeq

  • MD5

    274280c0f2dc2def2b1c732a5d24c596

  • SHA1

    e9ab8dc315a36194c19f5b2ca22905cd11c7c70f

  • SHA256

    28c7431a15ada133ba58cb17edd757da47901cb14cdaf2df568a196296ba78e6

  • SHA512

    54bbaf8c62244f44178ef24027da410f5a1b4aa28f732fdc6076e3f7885793c7b84d264efd074fdfc026f97106674bbd12906917894b7e76b702cba6ed4abf93

  • SSDEEP

    3072:NMk0f8swrpziGGxRGtZUlxmIGVk8jwaaHw7Koj4rDM7QJy:mk0KVGxuZgm

Malware Config

Targets

    • Modifies WinLogon for persistence

      Changes a value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Userinit or Shell) so that the sample is started at every interactive logon, before or instead of the normal shell.

    • Ramnit

      Ramnit is a long-running family whose variants have included file-infecting viruses, removable-media worms, and banking Trojans with credential theft and web-inject capabilities.

    • UAC bypass

      Obtains elevated privileges without showing a User Account Control consent prompt; the report does not identify the specific technique used.

    • Checks BIOS information in registry

      Reads BIOS strings such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System. Hypervisors leave vendor names (VBOX, VMware, QEMU, Xen) in these values, so malware reads them to detect sandboxes and virtual machines before running its payload.

    • Checks computer location settings

      Reads the GeoID stored in HKCU\Control Panel\International\Geo\Nation. Malware commonly compares this country code against a list of excluded countries and exits on a match, so this is most likely a geofence check.

    • Drops startup file

      Writes a file into a Startup folder, which Explorer launches automatically at user logon.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • Adds Run key to start application

      Creates a value under a ...\Microsoft\Windows\CurrentVersion\Run key (HKCU or HKLM) pointing at the sample or a dropped file, so it is launched at logon.

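The signatures above are all registry observations, so the same artefacts can be checked on a suspect host by exporting the relevant keys with reg.exe and scanning the export. The following script is an added example, not tria.ge code and not derived from this sample's behaviour: it parses a small .reg export (the fragment is constructed for illustration, and the C:\Users\Public\sample.exe paths are hypothetical) and flags a Winlogon Userinit or Shell modification, any Run-key value, BIOS strings that reveal a hypervisor, and the Geo\Nation country code that a geofence check would read.

```python
"""Scan a Windows .reg export for the registry indicators listed in the
sandbox report: Winlogon tampering, Run-key autostarts, hypervisor strings
in the BIOS keys and the Geo\\Nation GeoID.  Added example, not tria.ge
code; the registry text below is constructed for illustration."""
import re
from typing import Dict, List, Tuple

# Constructed .reg fragment.  The sample.exe paths are hypothetical.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\sample.exe"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\sample.exe"

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System]
"SystemBiosVersion"="VBOX   - 1"
"VideoBiosVersion"="Oracle VM VirtualBox VBE Adapter"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
"""

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Vendor substrings a hypervisor typically leaves in the BIOS keys.
VM_STRINGS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "XEN", "BOCHS", "PARALLELS")
# Small subset of Microsoft GeoID values, enough to label the sample data.
GEO_IDS = {"244": "United States", "203": "Russia", "241": "Ukraine", "29": "Belarus"}


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax used here: [key] headers followed by
    "name"="string" lines.  Doubled backslashes and escaped quotes are
    unescaped the way regedit writes them."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, value = m.group(1), m.group(2)
            keys[current][name] = value.replace('\\\\', '\\').replace('\\"', '"')
    return keys


def find_indicators(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs for each report signature that the
    exported keys would satisfy."""
    hits: List[Tuple[str, str]] = []
    for key, values in reg.items():
        k = key.lower()
        if k.endswith(r"\currentversion\winlogon"):
            # Default Userinit is "C:\Windows\system32\userinit.exe," so any
            # other comma-separated entry is an injected autostart.
            extra = [p for p in values.get("Userinit", "").split(",")
                     if p and not p.lower().endswith(r"\userinit.exe")]
            if extra:
                hits.append(("winlogon_userinit", ", ".join(extra)))
            shell = values.get("Shell", "")
            if shell and shell.lower() != "explorer.exe":
                hits.append(("winlogon_shell", shell))
        elif re.search(r"\\currentversion\\run(once)?$", k):
            # Every Run/RunOnce value is an autostart worth reviewing.
            for name, value in values.items():
                hits.append(("run_key", f"{name} -> {value}"))
        elif k.endswith(r"\hardware\description\system"):
            for name in ("SystemBiosVersion", "VideoBiosVersion"):
                v = values.get(name, "")
                if any(s in v.upper() for s in VM_STRINGS):
                    hits.append(("bios_vm_string", f"{name} = {v}"))
        elif k.endswith(r"\control panel\international\geo"):
            nation = values.get("Nation")
            if nation is not None:
                label = GEO_IDS.get(nation, "unknown GeoID")
                hits.append(("geo_nation", f"{nation} ({label})"))
    return hits


if __name__ == "__main__":
    for indicator, detail in find_indicators(parse_reg(SAMPLE_REG)):
        print(f"{indicator:18} {detail}")
```

On a live host, the same keys can be exported with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` (and likewise for the Run, HARDWARE\DESCRIPTION\System and Geo keys) and fed to parse_reg; note that reg.exe writes UTF-16 files, so open them with that encoding. The BIOS check is included because the VM vendor strings it finds are exactly what the sample's sandbox check looks for: an analysis VM that returns a hit here will be detected by the same read.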
MITRE ATT&CK Enterprise v15

Tasks