General
Target: .
Size: 18KB
Sample: 240211-s6xpkabe47
MD5: dfc167e7bcf8c4297e8230abfecab725
SHA1: 1d71b95b8785f93ab7d737b87e0263099e01c735
SHA256: f9571da74ff23e82bab0a97fc2e26deee93ca0f8413b746c0ae432f180d0ab2f
SHA512: 2f95b81e2c6e191b87e5cc4eb824d40e67d797ec927c9ddfe7bd043348572a88f5f5b5f19dc8af2ce599c9e04a3141111d213f51edb8e0558525d2bf7c7646de
SSDEEP: 384:rPZmDpmReVoOs4dN9ylKeGMjUhHhhbuTeK7UIN2weCP+VJCBXQL:rBmBVoOs4dryI1MgBhbyesU/vJQQL
Static task: static1
Behavioral task: behavioral1
Sample: .html
Resource: win11-20231215-en
Malware Config: (none extracted)
Targets
Target: . (the submitted sample; size 18KB, hashes identical to the General section above)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)
- Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL (1)