General

  • Target

    4e52c8ea413c0b52a12f57f3531356a8.exe

  • Size

    596KB

  • Sample

    240109-xljpesgedr

  • MD5

    4e52c8ea413c0b52a12f57f3531356a8

  • SHA1

    641da090ae500fecdc03f1d119ed782878b8498e

  • SHA256

    e08fde454789b121c099a4e3d2f89c2fda5c292e754a0223738192ecfe42671f

  • SHA512

    7aa4e11e24fadd892e87f017b3d3e0403c8d3ca7834e959d134a97e0758cad563d84f4d9a209e99446c2f9f75a175734b93cbebd4ce6f12f0d1602a6c7ef0759

  • SSDEEP

    12288:VwiFc5PkJLe9687vG6MisJSKIOn/eTPduu:1oMCJGrisoFOn/eT1R

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks