General

  • Target

    969b2dabe6080bc2da7236a0d455ced7

  • Size

    480KB

  • Sample

    240212-h86p5sfe8s

  • MD5

    969b2dabe6080bc2da7236a0d455ced7

  • SHA1

    f2b4c9c70bbb5e11ec823846ad88a20c235775cd

  • SHA256

    4e7ae8c1b57d2178d7014c18b11a0d9ff1444f07d513ea8fdfa5af7a11f02873

  • SHA512

    1218dab072f3144304196c98f1b3c0494448929b8e6be35d5db88ef3dee0d0c12191f8cf3c94d8287195cde1af9a2a910a230d2e96f987e196e34ba00ae247c0

  • SSDEEP

    6144:Kjg5pk1GS0xX3lPtbNN/DNRgkpiZzjhDQ0oeGF91YVusYJx+9sisyYpFTOOzHTvP:Kg5pBHxXptbN5ZRgOiBjw/C0AWzFjPvP

Malware Config

Targets

    • Target

      969b2dabe6080bc2da7236a0d455ced7

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes, such as removable drives.

    • Drops file in System32 directory
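
The signatures above name the registry mechanisms this sample uses (Winlogon, policy Run key, RegEdit lockout, Run key, UAC check) but not the exact values it wrote. As an added example, not from tria.ge or this report, the following Python parses a `.reg` export taken from a suspect host and maps what it finds back to the same signature names, so a responder can confirm or rule out these artifacts offline. The Winlogon values compared (Shell and Userinit), their assumed clean defaults, the key paths and the embedded sample export are all assumptions for illustration.

```python
r"""Flag the registry persistence and lockout artifacts named in the report above.

Input is the text of a .reg export taken from the suspect host, e.g.
    reg export HKLM\SOFTWARE\Microsoft out.reg /y
(real exports are UTF-16; open them with encoding="utf-16").
"""
import re

# Constructed sample export (not from the sandbox run): a hive showing the
# modifications the report's signatures describe. All paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\update.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"1"="C:\\Users\\Public\\update.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
# Stock values on a clean install (assumed defaults used for the comparison).
WINLOGON_DEFAULTS = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe,"}


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _split_value(line):
    """Return (name, raw_value) for a '"name"=...' or '@=...' line, else (None, None)."""
    if line.startswith("@="):
        return "", line[2:]
    if not line.startswith('"'):
        return None, None          # header, blank, comment or hex continuation line
    i = 1
    while i < len(line) and line[i] != '"':
        i += 2 if line[i] == "\\" else 1   # skip escaped characters in the name
    rest = line[i + 1:]
    if not rest.startswith("="):
        return None, None
    return _unescape(line[1:i]), rest[1:]


def _decode(raw):
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])            # REG_SZ
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)                 # REG_DWORD
    return raw                                  # hex:/hex(N): kept as text


def parse_reg(text):
    """Parse .reg text into {key_path_lower: {value_name_lower: value}}."""
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            current = None if path.startswith("-") else path.lower()   # [-key] deletes a key
            if current is not None:
                hive.setdefault(current, {})
            continue
        name, raw = _split_value(line)
        if current is not None and name is not None:
            hive[current][name.lower()] = _decode(raw)
    return hive


def find_indicators(hive):
    """Map registry state to the signature names used in the report."""
    hits = []
    for name, default in WINLOGON_DEFAULTS.items():
        val = hive.get(WINLOGON, {}).get(name)
        if isinstance(val, str) and val.strip().lower() != default:
            hits.append(("Modifies WinLogon for persistence", f"{name} = {val}"))
    for key, values in hive.items():
        if key.endswith(r"\currentversion\policies\explorer\run"):
            for name, val in values.items():
                hits.append(("Adds policy Run key to start application", f"{name} = {val}"))
        elif key.endswith(r"\currentversion\run"):
            for name, val in values.items():      # listed for review, not judged
                hits.append(("Adds Run key to start application", f"{name} = {val}"))
        elif key.endswith(r"\currentversion\policies\system"):
            if values.get("disableregistrytools") not in (None, 0):
                hits.append(("Disables RegEdit via registry modification", key))
            if values.get("enablelua") == 0:
                hits.append(("UAC disabled (EnableLUA=0)", key))
    return hits


if __name__ == "__main__":
    for sig, detail in find_indicators(parse_reg(SAMPLE_REG)):
        print(f"{sig}: {detail}")
```

Run key entries are listed rather than judged, since legitimate software lives there too; the Winlogon comparison is the strong signal, because Shell and Userinit rarely deviate from their defaults on a clean host. The sample's own external-IP lookup and country-code read leave no registry trace on the host and are better confirmed from network telemetry and the sandbox report itself.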

MITRE ATT&CK Enterprise v15

Tasks