Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.bing.com...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.bing.com/ck/a?!&&p=14f858ea69fe0128JmltdHM9MTcwODczMjgwMCZpZ3VpZD0yZWI2OWUwZC1kNjRjLTY0N2EtMTNkZC04YzdiZDc5ZTY1ZTkmaW5zaWQ9NTIwMw&ptn=3&ver=2&hsh=3&fclid=2eb69e0d-d64c-647a-13dd-8c7bd79e65e9&psq=spongebob+fun+pack+virus+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL3BhbmtvemEyLXBsL1Nwb25nZWJvYk5vU2xlZXA&ntb=1

  • Sample

    240224-s7qyeafh68

Score
10/10
bootkitevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      https://www.bing.com/ck/a?!&&p=14f858ea69fe0128JmltdHM9MTcwODczMjgwMCZpZ3VpZD0yZWI2OWUwZC1kNjRjLTY0N2EtMTNkZC04YzdiZDc5ZTY1ZTkmaW5zaWQ9NTIwMw&ptn=3&ver=2&hsh=3&fclid=2eb69e0d-d64c-647a-13dd-8c7bd79e65e9&psq=spongebob+fun+pack+virus+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL3BhbmtvemEyLXBsL1Nwb25nZWJvYk5vU2xlZXA&ntb=1

    Score
    10/10
    bootkitevasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks