Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

706c22a98c...63.exe

windows7-x64

10

706c22a98c...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    706c22a98c902a6d006d04cfda47e163

  • Size

    283KB

  • Sample

    240123-yk9d5agge5

  • MD5

    706c22a98c902a6d006d04cfda47e163

  • SHA1

    0dc80ee20cefca3045abcc1342d960b8a3c49e9c

  • SHA256

    54151d24cac03c5d6be72f161faa00f794edaca0c090747dfadc91a867dbd7bf

  • SHA512

    5f237c32596c16c2cf41c70977c02a86133dc2bb77bf11abd2b9cbb45e3a173a6e4971aefe3b33845c2fc07b29d1b4a52afea96f19fd2308903f8e32bd63234d

  • SSDEEP

    3072:Bx6AHjYzaFXg+w17jsgS/jHagQg1dxiEVlV5998K3WQ8fjEXKgZfnhfxu4V5998l:BxzYzaFXi17jWlVG84jqfhdVG84jqfhQ

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      706c22a98c902a6d006d04cfda47e163

    • Size

      283KB

    • MD5

      706c22a98c902a6d006d04cfda47e163

    • SHA1

      0dc80ee20cefca3045abcc1342d960b8a3c49e9c

    • SHA256

      54151d24cac03c5d6be72f161faa00f794edaca0c090747dfadc91a867dbd7bf

    • SHA512

      5f237c32596c16c2cf41c70977c02a86133dc2bb77bf11abd2b9cbb45e3a173a6e4971aefe3b33845c2fc07b29d1b4a52afea96f19fd2308903f8e32bd63234d

    • SSDEEP

      3072:Bx6AHjYzaFXg+w17jsgS/jHagQg1dxiEVlV5998K3WQ8fjEXKgZfnhfxu4V5998l:BxzYzaFXi17jWlVG84jqfhdVG84jqfhQ

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Drops file in Drivers directory

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

9
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Defacement

1
T1491

Inhibit System Recovery

1
T1490

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.