General

  • Target

    3db2660d7cffcb682ce00e0bde927517

  • Size

    860KB

  • Sample

    240101-yap8haagh9

  • MD5

    3db2660d7cffcb682ce00e0bde927517

  • SHA1

    91c05b98597758c8f37c84f0addb074457ebee34

  • SHA256

    514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710

  • SHA512

    850f0f33032f16a090e09249a0671756ab341493a9e220587b5cf9b9d1f697e187c0bea49dd7f2a4c53c6deda8618674b48da5ebe6e7c1b7addfced99b6490c0

  • SSDEEP

    12288:720LBewQKm0Ih+F2k2dVEqoGO2p4W/pSbhrwzrW90ivPG1AnvBMhxKy3C5imMdM3:7xBeCLIE+PoGO26cEmy0ivOa5aC0mAw

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks