Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

GTA 5 Web Cursor.cur

windows10-2004-x64

Resubmissions

22/01/2024, 18:59

240122-xnavaschg6 10

22/01/2024, 18:56

240122-xlm2vacchp 3

22/01/2024, 18:52

240122-xjdemaccgm 4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GTA 5 Web Cursor.cur

  • Size

    4KB

  • Sample

    240122-xnavaschg6

  • MD5

    ff6de1c4f3bc8fec42883a51f23c9df7

  • SHA1

    3297b0be81fa0cd2828412d625e5655b3c12b62d

  • SHA256

    588178fd381b8616491f4830aab4c0520d83b2bc02b4484ec8a484b11923ed0b

  • SHA512

    4cdd6b57a79498a0304fd08f2ae347d34702de0cc53d00a8524c1f5494588c6290949c93f845698bdc40ac347f5285785410a413160c596714d07a5af884b03b

  • SSDEEP

    24:NYLM+Or3GqJF1pVu/2uEwuwLwuwuqVwuzwmwYwYwYwYwQDbqqqqc:NfzjGqtfI2SB8Bt2F5bbbbsbqqqqc

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      GTA 5 Web Cursor.cur

    • Size

      4KB

    • MD5

      ff6de1c4f3bc8fec42883a51f23c9df7

    • SHA1

      3297b0be81fa0cd2828412d625e5655b3c12b62d

    • SHA256

      588178fd381b8616491f4830aab4c0520d83b2bc02b4484ec8a484b11923ed0b

    • SHA512

      4cdd6b57a79498a0304fd08f2ae347d34702de0cc53d00a8524c1f5494588c6290949c93f845698bdc40ac347f5285785410a413160c596714d07a5af884b03b

    • SSDEEP

      24:NYLM+Or3GqJF1pVu/2uEwuwLwuwuqVwuzwmwYwYwYwYwQDbqqqqc:NfzjGqtfI2SB8Bt2F5bbbbsbqqqqc

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks