General
Target: winzip26.exe.7z
Size: 516KB
Sample: 240125-q72zkahgcj
MD5: 0c636d7a4448a4cf19b0b051df81dca8
SHA1: 8ad53540afb8b5586dfbf9410312e44db63b5f95
SHA256: 023ab137657d4dfffd5bf98d9dcd2fd2bc9600fdea317ff3323d48c2d2923d74
SHA512: d5be909ad229b1cf7e8b40188b080d959826e76501b3c27f141ef744ce9c3d63a590edace22b9b41989d6d34fbfe024979d460c88845e21dcd4cc6d95bb70975
SSDEEP: 12288:Cd0DSS25IRWKdSOZ4CG9eZuRTTyRmzr/TF:Cd0DawWKdSPleZuARm/
Static task: static1
Behavioral task: behavioral1
  Sample: winzip26.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: winzip26.exe
  Resource: win10v2004-20231222-en
Malware Config
Targets
Target: winzip26.exe
Size: 992KB
MD5: 40a49a13e2ed6577937568ef19b6e853
SHA1: 2b2458cab8730ea3c69fc8cc7059f6fdc3c7f4c7
SHA256: 9bf1cab2cfcf82b772242c09f49bd43d7300f5996456f56dca471364f5e70d9a
SHA512: 962a1297cb9652a52d4901317bd8e3a1953ec7b277e84dcbdeb31ff665b3d643a58f690179bf527187fff85d7ea409485dd928209e906f4a5b09d6ccf9c11446
SSDEEP: 12288:xkrPMg09CmiJQ21FUOkBVVWh7qZWoHnJ9NTwmHJMNm7aFxNcEQmi5WsvcXphs/:xQLkBVVWh7dA9NlM7c0Za/
Score: 6/10
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Event Triggered Execution (1)
    Change Default File Association (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Event Triggered Execution (1)
    Change Default File Association (1)
  Scheduled Task/Job (1)
Defense Evasion
  Modify Registry (4)
  Subvert Trust Controls (1)
    Install Root Certificate (1)