General
-
Target
1.exe
-
Size
37KB
-
Sample
240121-zaemfahfdk
-
MD5
c6c9c443276de08f55e112ae8b9805ba
-
SHA1
7041fbd93d486852df9e7a31cd07e3fa9a38e061
-
SHA256
7d5a7a36c5dec7d16bd7f3abf823879346d4ad40cea0beeeab483ba702ba9a5b
-
SHA512
4a85d147e8e5b4eb2d00670f67eda5b591bab6206f9691232676aaa2e8b2189ee16e3dfba84e58b443d3281ee8fcc8118e96daf9218629b0eb2120499c94b2c4
-
SSDEEP
384:ZnXyi0mnCVpd3vVmyhKrxTPaczmjcYx03IrAF+rMRTyN/0L+EcoinblneHQM3epP:1BANVdhKrFPa/bx0YrM+rMRa8NuQctN
Behavioral task
behavioral1
Sample
1.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win11-20231215-en
Malware Config
Extracted
njrat
im523
HacKed
potential-instances.gl.at.ply.gg:24675
eae2d0d75b0c1d402f8fd7a128486e82
-
reg_key
eae2d0d75b0c1d402f8fd7a128486e82
-
splitter
|'|'|
Targets
-
-
Target
1.exe
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1