General

  • Target

    4b642633a36a25817bd10003d5d4dea0

  • Size

    100KB

  • Sample

    240108-n97xgshdek

  • MD5

    4b642633a36a25817bd10003d5d4dea0

  • SHA1

    66e64cc788ae62e354596207bf670be4a6882c49

  • SHA256

    db2224fd25fb45150d7033001ff2ea90da3fd56d8a3f1d99f1f3fab14705fe09

  • SHA512

    cc47e3e65fa5aca36a092af0f489574ec157fbae3f6fa06dbb4de4c0e794dc8ce2c4e6286d48d8b32c8b0d457b6ca8e22442e34ef79322a3aa960d30ca8fff94

  • SSDEEP

    3072:gi9cmKEV+l7/qlNPQ6Qpmj2dDqSGVk8jwaaHw7Koj4rDMN0:gicUWrqfPnumjkDqSk

Malware Config

Targets

    • Target

      4b642633a36a25817bd10003d5d4dea0

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a long-running, versatile family whose variants include file infectors (viruses), worms and banking Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS version and date strings are often read from the registry to detect sandbox and virtual-machine environments, whose vendor strings differ from real hardware.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain regions).

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
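
The three persistence signatures above (Winlogon modification, Run key, startup file) map to a small set of registry values and one folder. The following detector, an added example that is not part of the tria.ge report or its signature engine, reproduces those checks over Sysmon-style events (EventID 13 registry value set, EventID 11 file create). The event lines, the pipe-separated field layout and the image/file names in them are constructed for this example; the stock Winlogon values and the Run/Startup locations are real Windows defaults.

```python
"""Flag the persistence behaviours listed in the report from Sysmon-style
registry (EventID 13) and file-create (EventID 11) events.
Added example; the sample events below are constructed, not taken from the sandbox run."""
import re
from dataclasses import dataclass

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock values of the two Winlogon entries malware hijacks; anything else
# inserts an extra executable into the logon chain.
WINLOGON_DEFAULTS = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"c:\windows\system32\userinit.exe,"},
}
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)
# Directories a legitimate autostart binary rarely lives in (writable without admin).
SUSPICIOUS_PATH_RE = re.compile(
    r"\\(AppData\\Local\\Temp|Users\\Public|ProgramData|Windows\\Temp)\\", re.I)


@dataclass
class Event:
    event_id: int      # 13 = registry value set, 11 = file create
    image: str         # process that performed the action
    target: str        # TargetObject (registry path) or TargetFilename
    details: str = ""  # registry value data (EventID 13 only)


def parse(line: str) -> Event:
    """Parse 'EventID=13|Image=...|TargetObject=...|Details=...' (constructed format;
    assumes no '|' inside field values)."""
    kv = dict(part.split("=", 1) for part in line.split("|"))
    return Event(int(kv["EventID"]), kv["Image"],
                 kv.get("TargetObject") or kv.get("TargetFilename"),
                 kv.get("Details", ""))


def classify(ev: Event) -> list:
    """Return the report signatures this single event would trigger."""
    hits = []
    if ev.event_id == 13:
        key, _, value = ev.target.rpartition("\\")
        if key.lower() == WINLOGON_KEY.lower() and value in WINLOGON_DEFAULTS:
            # Compare against the stock value; a changed Shell/Userinit is the signature.
            if ev.details.strip().lower() not in WINLOGON_DEFAULTS[value]:
                hits.append("Modifies WinLogon for persistence")
        if RUN_KEY_RE.search(ev.target):
            hits.append("Adds Run key to start application")
            if SUSPICIOUS_PATH_RE.search(ev.details):
                hits.append("Run key points into a user-writable directory")
    elif ev.event_id == 11 and STARTUP_DIR_RE.search(ev.target):
        hits.append("Drops startup file")
    return hits


def scan(lines) -> list:
    """Return (signature, image, target, details) tuples for every matching event."""
    findings = []
    for line in lines:
        ev = parse(line)
        for sig in classify(ev):
            findings.append((sig, ev.image, ev.target, ev.details))
    return findings


# Constructed events: one Userinit hijack, one Run key into %TEMP%, one .lnk in the
# Startup folder, and one benign Shell write with the default value (must not fire).
SAMPLE_EVENTS = [
    r"EventID=13|Image=C:\Users\Admin\AppData\Local\Temp\sample.exe"
    r"|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"
    r"|Details=C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Local\Temp\svchost.exe",
    r"EventID=13|Image=C:\Users\Admin\AppData\Local\Temp\sample.exe"
    r"|TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
    r"|Details=C:\Users\Admin\AppData\Local\Temp\svchost.exe",
    r"EventID=11|Image=C:\Users\Admin\AppData\Local\Temp\sample.exe"
    r"|TargetFilename=C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk",
    r"EventID=13|Image=C:\Windows\system32\svchost.exe"
    r"|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"
    r"|Details=explorer.exe",
]

if __name__ == "__main__":
    for sig, image, target, details in scan(SAMPLE_EVENTS):
        print(f"[{sig}] {image} -> {target} {details}".rstrip())
```

The Winlogon check compares against the stock value rather than merely alerting on any write, because installers and Group Policy legitimately touch the key; the Run-key rule is deliberately noisy and is refined by the second, path-based hit, which is the one worth paging on. On a live host the same values can be read with `reg query` or `Get-ItemProperty` to confirm what the sandbox observed.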

MITRE ATT&CK Enterprise v15

Tasks