General

  • Target

    72454051b03c281f006cd3f8e88426b3

  • Size

    673KB

  • Sample

    240124-px14vaaecm

  • MD5

    72454051b03c281f006cd3f8e88426b3

  • SHA1

    05bfa914bd7b1b64ffbf0bba9bd8ee78e17956b7

  • SHA256

    5998bc5d720691c9a28f1c3d2fafb55195be1a1afdda292064d9fb9aef9ae04b

  • SHA512

    d13cde9152191dacb811a81831a5106b2ccec49c6a366aabe4254f99d628f867bc4b64747c958dbdfe4321b70a811b2d46e21cd33925697fc5395d22920d7a46

  • SSDEEP

    12288:JMnBszy90Q7YX+CFTc5GDnbu/qmvSBjh+4nqjuwNhyiIgf96rNiBW:wszyUTmGf8Dv2VLqNNhyilYrNi

Malware Config

Targets

    • Target

      72454051b03c281f006cd3f8e88426b3

    • Size

      673KB

    • MD5

      72454051b03c281f006cd3f8e88426b3

    • SHA1

      05bfa914bd7b1b64ffbf0bba9bd8ee78e17956b7

    • SHA256

      5998bc5d720691c9a28f1c3d2fafb55195be1a1afdda292064d9fb9aef9ae04b

    • SHA512

      d13cde9152191dacb811a81831a5106b2ccec49c6a366aabe4254f99d628f867bc4b64747c958dbdfe4321b70a811b2d46e21cd33925697fc5395d22920d7a46

    • SSDEEP

      12288:JMnBszy90Q7YX+CFTc5GDnbu/qmvSBjh+4nqjuwNhyiIgf96rNiBW:wszyUTmGf8Dv2VLqNNhyilYrNi

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks