General

  • Target

    4eacc64af74d763c8c92fc186adbd787

  • Size

    1.7MB

  • Sample

    240109-syd79adcbj

  • MD5

    4eacc64af74d763c8c92fc186adbd787

  • SHA1

    cb219eb356152db3b43422d957cb099c2afe6fbf

  • SHA256

    3ca2e31aeba7bdb779ca62f879502752b0e10046ef021b3fc8f4694e01ebacba

  • SHA512

    51d83c3291cca99a3a58e3ecc19920d8dcd4b8599488ae051e8cb939621b129eb9de723dfc923c5ccfadc575cb1b3797c81bbd0c9fba6b7fb6f12968bdefa6db

  • SSDEEP

    49152:iST/ajtxLsmifr7B5ZbV4d4Dm761UZp8lBW:Q8ZBUGmgUX8i

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Windows security bypass

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Modifies Windows Firewall

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; checking for its registry keys is an anti-analysis technique.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Adds Run key to start application

    • Modifies WinLogon

    • Drops file in System32 directory
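
The hashes in the General section and the packer signatures above are what an analyst pivots on first. The script below is an added example, not code from tria.ge or from the sample's report: it hashes a file and compares the result against the report's own MD5, SHA1, SHA256 and SHA512 (SSDEEP is left out because it needs a third-party library), and it walks the PE section table looking for section names that UPX and Themida commonly leave behind, which is the kind of heuristic behind a "UPX packed file" signature. The section-name lists and the `build_minimal_pe` helper are assumptions for illustration; a clean section table does not clear a file, since Themida in particular routinely renames or strips section names.

```python
import hashlib
import struct
import sys

# Hashes copied verbatim from the tria.ge report above (the report's own IOCs).
REPORT_HASHES = {
    "md5": "4eacc64af74d763c8c92fc186adbd787",
    "sha1": "cb219eb356152db3b43422d957cb099c2afe6fbf",
    "sha256": "3ca2e31aeba7bdb779ca62f879502752b0e10046ef021b3fc8f4694e01ebacba",
    "sha512": "51d83c3291cca99a3a58e3ecc19920d8dcd4b8599488ae051e8cb939621b129eb9de723dfc923c5ccfadc575cb1b3797c81bbd0c9fba6b7fb6f12968bdefa6db",
}

# Assumption: section names these packers commonly emit. Not the sandbox's rules,
# and absence of a hit proves nothing (Themida often hides its section names).
PACKER_SECTION_HINTS = {
    "UPX": {"UPX0", "UPX1", "UPX2"},
    "Themida": {".themida"},
}


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matched_report_hashes(data: bytes) -> list:
    """Names of the algorithms whose digest equals the report's IOC (sorted)."""
    digests = hash_file_bytes(data)
    return sorted(k for k, v in REPORT_HASHES.items() if digests[k] == v)


def pe_section_names(data: bytes) -> list:
    """Read section names from the PE section table; [] for non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # start of the 20-byte COFF header
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt             # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                            # truncated table: stop, do not crash
        raw = data[off:off + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def packer_hints(data: bytes) -> list:
    """Packer families whose tell-tale section names appear in the file (sorted)."""
    names = set(pe_section_names(data))
    return sorted(p for p, hints in PACKER_SECTION_HINTS.items() if names & hints)


def build_minimal_pe(section_names) -> bytes:
    """Constructed test input: a header-only PE with the given section names.
    It is not a runnable executable; it only exercises the section-table parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamps/symbols zero, SizeOfOptionalHeader=0
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode()[:8].ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    # Usage: python triage_check.py <file>  (file name is an assumption)
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print("hash matches:", matched_report_hashes(blob))
    print("sections:", pe_section_names(blob))
    print("packer hints:", packer_hints(blob))
```

Treat a SHA256 match as identity with the sample; MD5 alone is weak evidence given known collisions, which is why the function reports every algorithm that matched rather than a single boolean.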

MITRE ATT&CK Enterprise v15

Tasks
