Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4eacc64af74d763c8c92fc186adbd787

  • Size

    1.7MB

  • Sample

    240109-syd79adcbj

  • MD5

    4eacc64af74d763c8c92fc186adbd787

  • SHA1

    cb219eb356152db3b43422d957cb099c2afe6fbf

  • SHA256

    3ca2e31aeba7bdb779ca62f879502752b0e10046ef021b3fc8f4694e01ebacba

  • SHA512

    51d83c3291cca99a3a58e3ecc19920d8dcd4b8599488ae051e8cb939621b129eb9de723dfc923c5ccfadc575cb1b3797c81bbd0c9fba6b7fb6f12968bdefa6db

  • SSDEEP

    49152:iST/ajtxLsmifr7B5ZbV4d4Dm761UZp8lBW:Q8ZBUGmgUX8i

Malware Config

Targets

    • Target

      4eacc64af74d763c8c92fc186adbd787

    • Size

      1.7MB

    • MD5

      4eacc64af74d763c8c92fc186adbd787

    • SHA1

      cb219eb356152db3b43422d957cb099c2afe6fbf

    • SHA256

      3ca2e31aeba7bdb779ca62f879502752b0e10046ef021b3fc8f4694e01ebacba

    • SHA512

      51d83c3291cca99a3a58e3ecc19920d8dcd4b8599488ae051e8cb939621b129eb9de723dfc923c5ccfadc575cb1b3797c81bbd0c9fba6b7fb6f12968bdefa6db

    • SSDEEP

      49152:iST/ajtxLsmifr7B5ZbV4d4Dm761UZp8lBW:Q8ZBUGmgUX8i

    • Modifies WinLogon for persistence

    • Windows security bypass

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Modifies Windows Firewall

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks