General

Target: 240214-ej2s4shf39_pw_infected.zip
Size: 192KB
Sample: 240214-erxjcsgf8z
MD5: 216b05a02283bcad19054588e6c5e067
SHA1: 9b07b765543a016159330d3c46fa780860cb4638
SHA256: a0f267ce25b8317beea96b42dd1d0b4e211a873cac9b2e3bcfff89f8d1c514e0
SHA512: 4b3ea98a3148f1badb8c93c7ba0d464b0c4c1bfd663ab765190cab246cd85fce85335682521b3f13ff71afa6d8bdec77e09d4a36c1fa374043b24027f7c49a8d
SSDEEP: 3072:5D6wDnWgK1YOfMVWVWyCV7qFKF5B439+qLSyWIn6N/JVvcyOUwzz0ttSAeDcymMc:5HLw8WxCVW+5BxNyWIi/T9OJoP72a
Behavioral task: behavioral1
Sample: Keygen.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: Keygen.exe
Resource: win10v2004-20231215-en
Malware Config

Targets

Target: Keygen.exe
Size: 200KB
MD5: 9718045f5002b741172a6c659e3b97fd
SHA1: 101403393b50c9de54efc4370d078922ba5f7c47
SHA256: 2a8eea400ff4d71f70d7d3b5d5ff6e636a98c84fbcb6217d5ac705a10a3b1fa7
SHA512: 2a68394fba1c7585d8c37fd5811285d064579a411e7d7b0616a17164f3ddccc15557e35062b03f3c5a4634b00913dad71d1756d94683571dedab8423372a9a88
SSDEEP: 3072:9EbmpgY+Iu0VSdVe4DOprtjG+URYEPZL4jAoI0PRy2XDZd+p6ewDejhqrY5S/+9T:O93Iwe4qDjGR/y0oDdNd+E2qrvWIMk
Score: 10/10

Signatures
- Modifies firewall policy service
- Downloads MZ/PE file
- Modifies AppInit DLL entries
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)