Resubmissions

19/02/2024, 19:36

240219-ybhvtacc68 8

19/02/2024, 19:32

240219-x88xtsbe8x 8

General

  • Target

    MicrosoftEdgeWebview2Setup.exe

  • Size

    1.5MB

  • Sample

    240219-ybhvtacc68

  • MD5

    2fbe10e4233824fbea08ddf085d7df96

  • SHA1

    17068c55b3c15e1213436ba232bbd79d90985b31

  • SHA256

    5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e

  • SHA512

    4c4d256d67b6aadea45b1677ab2f0b66bef385fa09127c4681389bdde214b35351b38121d651bf47734147afd4af063e2eb2e6ebf15436ad42f1533c42278fa4

  • SSDEEP

    49152:Py+3n/URd7ygwxXXOMzrn7yOcIEjg0VonVl:PyaC75wxXOMzr7yOAyVl

Malware Config

Targets

    • Target

      MicrosoftEdgeWebview2Setup.exe

    • Size

      1.5MB

    • MD5

      2fbe10e4233824fbea08ddf085d7df96

    • SHA1

      17068c55b3c15e1213436ba232bbd79d90985b31

    • SHA256

      5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e

    • SHA512

      4c4d256d67b6aadea45b1677ab2f0b66bef385fa09127c4681389bdde214b35351b38121d651bf47734147afd4af063e2eb2e6ebf15436ad42f1533c42278fa4

    • SSDEEP

      49152:Py+3n/URd7ygwxXXOMzrn7yOcIEjg0VonVl:PyaC75wxXOMzr7yOAyVl

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
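The signatures above (BHO registration, Installed Components, file execution options, COM autorun) are registry changes that legitimate installers also make, so the report alone does not settle whether this binary is the genuine WebView2 bootstrapper. As an added example that is not part of the tria.ge report, the following PowerShell script, run elevated on a host where the installer has executed, first checks the file against the SHA256 listed in the report and then audits the registry locations behind the "Installs/modifies Browser Helper Object", "Modifies Installed Components in the registry" and "Sets file execution options in registry" signatures, resolving every entry to a file and checking its Authenticode signature. The installer path in `$Installer` is an assumption; the SHA256 is the value from the report.

```powershell
# Added example, not part of the tria.ge report: verify the analysed installer against the
# report's SHA256 and audit the registry locations behind the BHO, Active Setup "Installed
# Components" and Image File Execution Options signatures on a host where it was run.
# $Installer is an assumed location. Run from an elevated PowerShell prompt.
param(
    [string]$Installer = 'C:\Samples\MicrosoftEdgeWebview2Setup.exe'   # assumed path
)

$ExpectedSha256 = '5b01d964ced28c1ff850b4de05a71f386addd815a30c4a9ee210ef90619df58e'  # from the report
$Findings = [System.Collections.Generic.List[object]]::new()

function Resolve-CommandPath {
    # Turn a registry command line ("C:\x\y.dll" /arg, %SystemRoot%\z.exe ...) into a file path.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if (Test-Path -LiteralPath $cmd) { return $cmd }
    if ($cmd -match '^(.+?\.(?:exe|dll))(\s|$)') { return $Matches[1] }   # unquoted path plus arguments
    return $cmd
}

function Add-Finding {
    # Record where an entry came from, what file it points to, and whether that file is validly signed.
    param([string]$Source, [string]$Command)
    $path = Resolve-CommandPath $Command
    if (-not (Test-Path -LiteralPath $path)) {
        $Findings.Add([pscustomobject]@{ Source = $Source; Path = $path; Status = 'MissingFile'; Signer = $null })
        return
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $Findings.Add([pscustomobject]@{
        Source = $Source
        Path   = $path
        Status = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject  # $null when unsigned
    })
}

# 1. The installer itself: the hash must match the report, and a genuine installer carries a Microsoft signature.
if (Test-Path -LiteralPath $Installer) {
    $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $Installer).Hash
    if ($hash -ne $ExpectedSha256) { Write-Warning "SHA256 $hash does not match the analysed sample" }
    Add-Finding -Source 'Installer' -Command $Installer
}

# 2. Browser Helper Objects: each subkey name is a CLSID; the DLL is at CLSID\<id>\InProcServer32 (default value).
$bhoRoots   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
              'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
foreach ($root in $bhoRoots) {
    foreach ($bho in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        foreach ($clsidRoot in $clsidRoots) {
            $server = Join-Path $clsidRoot "$($bho.PSChildName)\InProcServer32"
            if (Test-Path -LiteralPath $server) {
                Add-Finding -Source "BHO $($bho.PSChildName)" -Command (Get-ItemProperty -LiteralPath $server).'(default)'
            }
        }
    }
}

# 3. Active Setup "Installed Components": StubPath is executed once per user at logon.
$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
foreach ($root in $activeSetup) {
    foreach ($comp in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $stub = (Get-ItemProperty -LiteralPath $comp.PSPath).StubPath
        if ($stub) { Add-Finding -Source "ActiveSetup $($comp.PSChildName)" -Command $stub }
    }
}

# 4. Image File Execution Options: a Debugger value silently redirects launches of the named program.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($img in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty -LiteralPath $img.PSPath).Debugger
    if ($dbg) { Add-Finding -Source "IFEO $($img.PSChildName)" -Command $dbg }
}

# For a genuine WebView2 installer every new entry should resolve to a Microsoft-signed binary;
# anything unsigned, missing, or signed by someone else is what deserves a closer look.
$Findings |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Format-Table -AutoSize
```

The script reports only entries that fail the "validly signed by Microsoft" test, so an empty table is the expected result for the legitimate bootstrapper. Take a registry snapshot before running the installer and diff it afterwards if you need to know which of the audited entries this particular run created rather than which were already present.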

MITRE ATT&CK Enterprise v15

Tasks