General

  • Target

    2024-01-18_1ef0c1c293aad89a4d3a2ffb5fec9609_mafia

  • Size

    119KB

  • Sample

    240118-2e5ersbcal

  • MD5

    1ef0c1c293aad89a4d3a2ffb5fec9609

  • SHA1

    787a3344358255291873835d2102f7f8955030bf

  • SHA256

    6d4eaa00386f7e31da0e5e38a6da9ab963f425b39b8d207cc429e95b0c0514cc

  • SHA512

    5b70e340c9743aac6f45d034f0d2dc06c891a68dd5879b45cef5f8e3ca1f139e67df725a88f8981e0a65853f923a0db3022417dbbd692b585375f72d13267ae3

  • SSDEEP

    1536:eUZcxmcd+mmyR9IrpDsp9eoWF9d+xztu+qHPb4pqqnAFQONXsrJgFy0qW+zVau1:eUrcDmOIrysoWFnauHD4trJgFyzau1

Score
10/10

Malware Config

Targets

    • Target

      2024-01-18_1ef0c1c293aad89a4d3a2ffb5fec9609_mafia

    Score
    10/10

    • UAC bypass

    • Detects executables calling ClearMyTracksByProcess

    • UPX dump on OEP (original entry point)

    • Downloads MZ/PE file

    • Modifies RDP port number used by Windows

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks