Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
  Target:  4b642633a36a25817bd10003d5d4dea0
  Size:    100KB
  Sample:  240108-n97xgshdek
  MD5:     4b642633a36a25817bd10003d5d4dea0
  SHA1:    66e64cc788ae62e354596207bf670be4a6882c49
  SHA256:  db2224fd25fb45150d7033001ff2ea90da3fd56d8a3f1d99f1f3fab14705fe09
  SHA512:  cc47e3e65fa5aca36a092af0f489574ec157fbae3f6fa06dbb4de4c0e794dc8ce2c4e6286d48d8b32c8b0d457b6ca8e22442e34ef79322a3aa960d30ca8fff94
  SSDEEP:  3072:gi9cmKEV+l7/qlNPQ6Qpmj2dDqSGVk8jwaaHw7Koj4rDMN0:gicUWrqfPnumjkDqSk

Static task
  static1

Behavioral task
  behavioral1
  Sample:    4b642633a36a25817bd10003d5d4dea0.exe
  Resource:  win7-20231129-en

Malware Config
Targets
  Target:  4b642633a36a25817bd10003d5d4dea0
  Size:    100KB
  MD5:     4b642633a36a25817bd10003d5d4dea0
  SHA1:    66e64cc788ae62e354596207bf670be4a6882c49
  SHA256:  db2224fd25fb45150d7033001ff2ea90da3fd56d8a3f1d99f1f3fab14705fe09
  SHA512:  cc47e3e65fa5aca36a092af0f489574ec157fbae3f6fa06dbb4de4c0e794dc8ce2c4e6286d48d8b32c8b0d457b6ca8e22442e34ef79322a3aa960d30ca8fff94
  SSDEEP:  3072:gi9cmKEV+l7/qlNPQ6Qpmj2dDqSGVk8jwaaHw7Koj4rDMN0:gicUWrqfPnumjkDqSk

  Signatures
    - Modifies WinLogon for persistence
    - Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    - Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Privilege Escalation
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)