General
-
Target
9a704018edf1e84427fbce1d4e3bafc9
-
Size
68KB
-
Sample
240214-b2q8jsdg8v
-
MD5
9a704018edf1e84427fbce1d4e3bafc9
-
SHA1
5d436c01639c95b3db0520416b902e849d7805c4
-
SHA256
f020f1e1380c95c141db08ca8f636ef60734b22242cbfbe55d77e32e6a6a6ecd
-
SHA512
7531236d79b62e5e2cb5c0710c270a3c10ef9b1d1cbee7f0b8d0f871df81daa1800020205645d612478aef089ce92400815c76939d64463d10c115bf8a4cc9ae
-
SSDEEP
1536:UOEVqZF3uikZBYHO9xEUHDIIRkYq6R/d3H8ZV:UfAFe3zYHO9xzHDIIx1R/d8
Static task
static1
Behavioral task
behavioral1
Sample
9a704018edf1e84427fbce1d4e3bafc9.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9a704018edf1e84427fbce1d4e3bafc9.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
Score
10/10
-
Modifies firewall policy service
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1