General

  • Target

    9c2455673f5119d19819f58f846fca40

  • Size

    734KB

  • Sample

    240214-t12l1age33

  • MD5

    9c2455673f5119d19819f58f846fca40

  • SHA1

    91e0b1d9f055595642f65289464312d1c035939c

  • SHA256

    7aeb55f4385f6dad0f3a54a212f5ced8a3adf7349ac5fdc32d25e462b8128df9

  • SHA512

    4db51b225973e505d8eafe7e56ce5a135b386adadd464aad8099858d826aa35e57196f68e69e92d29bfcd293f1bf519953f6d9d7815c8a740b48207d9e9c69d3

  • SSDEEP

    12288:GDp20LiL+qI81leaplGt0y/2FEbkNvB5WlQ4URF42Brpkki6paTuB+/09HmEkqwG:kpd2+esapfEYNZ0S4+lBrpkki6ETuB+A

Malware Config

Targets

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks