General

  • Target

    Downloads.exe

  • Size

    4.0MB

  • Sample

    240101-pgalysdca8

  • MD5

    cd8f4e150be0693f4b1336a6c9702702

  • SHA1

    57be21a8e57685ed144acacf3d55e3c6a0d5edac

  • SHA256

    f63240082e6fe7f88706b94a8d2f8cda68bd420bfff1c22140a1403041347d5a

  • SHA512

    2fc2da8396ee36c9ecf62400302980da203070195e9f4b6fe4f6c6f3b5ccfc8d8b64850ed158e1d539f0e9a9bdce7e00db9848dc03bdaf5ae77494b779989077

  • SSDEEP

    98304:FszYBRrkXK0TX8hokq4+cbrHiNWvcRvi227kVy2KRE2PEdD3rDD:kYIXL8hg4zaYvcc/o7KREN9rX

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks