General
Target: 4e52c8ea413c0b52a12f57f3531356a8.exe
Size: 596KB
Sample: 240109-xljpesgedr
MD5: 4e52c8ea413c0b52a12f57f3531356a8
SHA1: 641da090ae500fecdc03f1d119ed782878b8498e
SHA256: e08fde454789b121c099a4e3d2f89c2fda5c292e754a0223738192ecfe42671f
SHA512: 7aa4e11e24fadd892e87f017b3d3e0403c8d3ca7834e959d134a97e0758cad563d84f4d9a209e99446c2f9f75a175734b93cbebd4ce6f12f0d1602a6c7ef0759
SSDEEP: 12288:VwiFc5PkJLe9687vG6MisJSKIOn/eTPduu:1oMCJGrisoFOn/eT1R
Static task: static1
Behavioral task: behavioral1
Sample: 4e52c8ea413c0b52a12f57f3531356a8.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 4e52c8ea413c0b52a12f57f3531356a8.exe
Resource: win10v2004-20231222-en
Malware Config
Targets
Target: 4e52c8ea413c0b52a12f57f3531356a8.exe
Score: 10/10
Modifies firewall policy service
Adds policy Run key to start application
Modifies Installed Components in the registry
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (3)
Create or Modify System Process (1)
Windows Service (1)
Pre-OS Boot (1)
Bootkit (1)