General

  • Target

    https://www.bing.com/ck/a?!&&p=14f858ea69fe0128JmltdHM9MTcwODczMjgwMCZpZ3VpZD0yZWI2OWUwZC1kNjRjLTY0N2EtMTNkZC04YzdiZDc5ZTY1ZTkmaW5zaWQ9NTIwMw&ptn=3&ver=2&hsh=3&fclid=2eb69e0d-d64c-647a-13dd-8c7bd79e65e9&psq=spongebob+fun+pack+virus+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL3BhbmtvemEyLXBsL1Nwb25nZWJvYk5vU2xlZXA&ntb=1

  • Sample

    240224-s7qyeafh68

Malware Config

Targets

    • Target

      https://www.bing.com/ck/a?!&&p=14f858ea69fe0128JmltdHM9MTcwODczMjgwMCZpZ3VpZD0yZWI2OWUwZC1kNjRjLTY0N2EtMTNkZC04YzdiZDc5ZTY1ZTkmaW5zaWQ9NTIwMw&ptn=3&ver=2&hsh=3&fclid=2eb69e0d-d64c-647a-13dd-8c7bd79e65e9&psq=spongebob+fun+pack+virus+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL3BhbmtvemEyLXBsL1Nwb25nZWJvYk5vU2xlZXA&ntb=1

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Sets desktop wallpaper using registry
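Four of the signatures listed above (the Winlogon change, the two policy values that disable regedit and Task Manager, and the wallpaper change) are registry value writes, so they can be matched mechanically in endpoint telemetry. The following is an added example, not part of the tria.ge report and not code from the sample: it runs detection rules for those four signatures over constructed records in the shape of Sysmon Event ID 13 (RegistryEvent, value set). The process paths, SID and file names in the sample records are invented; the registry key paths and their legitimate default values are real.

```python
"""Match registry-write telemetry against the signatures listed in the report.

Input records are a constructed, simplified rendering of Sysmon Event ID 13
("Field: value|Field: value"); the process names, SID and paths are invented.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Keys the listed signatures touch. HKLM paths are absolute; per-user paths are
# matched as suffixes because Sysmon renders them under HKU\<SID>\...
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".lower()
POLICIES_SYSTEM = r"\Software\Microsoft\Windows\CurrentVersion\Policies\System".lower()
DESKTOP = r"\Control Panel\Desktop".lower()

# Legitimate defaults for the two Winlogon values abused for persistence;
# rewriting the default (e.g. by a repair tool) is not flagged.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}

# Processes that legitimately write the Wallpaper value (heuristic allowlist).
BENIGN_WALLPAPER_WRITERS = {"explorer.exe", "systemsettings.exe"}

_DWORD = re.compile(r"DWORD \((0x[0-9A-Fa-f]+)\)")


@dataclass(frozen=True)
class RegEvent:
    image: str    # writing process (Sysmon "Image")
    target: str   # full registry path including value name ("TargetObject")
    details: str  # value written, as Sysmon renders it ("Details")


def parse_event(line: str) -> RegEvent:
    """Parse one 'Field: value|Field: value' record into a RegEvent."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value
    return RegEvent(fields["Image"], fields["TargetObject"], fields["Details"])


def dword(details: str) -> Optional[int]:
    """Return the integer of a Sysmon 'DWORD (0x...)' rendering, else None."""
    m = _DWORD.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def classify(ev: RegEvent) -> Optional[str]:
    """Return the matching signature name for one registry write, or None."""
    key, _, name = ev.target.lower().rpartition("\\")
    image = ev.image.rsplit("\\", 1)[-1].lower()

    if key == WINLOGON and name in WINLOGON_DEFAULTS:
        if ev.details.strip().lower() != WINLOGON_DEFAULTS[name]:
            return "Modifies WinLogon for persistence"
        return None
    if key.endswith(POLICIES_SYSTEM):
        value = dword(ev.details)
        if name == "disableregistrytools" and value:
            return "Disables RegEdit via registry modification"
        if name == "disabletaskmgr" and value:
            return "Disables Task Manager via registry modification"
        return None
    if key.endswith(DESKTOP) and name == "wallpaper":
        if image not in BENIGN_WALLPAPER_WRITERS:
            return "Sets desktop wallpaper using registry"
    return None


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each matched signature to the 'image -> target' writes behind it."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        ev = parse_event(line)
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(f"{ev.image} -> {ev.target}")
    return hits


# Constructed telemetry: four malicious writes plus three benign ones that the
# rules must not flag (a default Winlogon value, a policy reset to 0, and
# explorer.exe changing the wallpaper).
SID = r"HKU\S-1-5-21-1111-2222-3333-1001"
DROPPER = r"C:\Users\victim\Downloads\dropper.exe"
SAMPLE_EVENTS = [
    rf"Image: {DROPPER}|TargetObject: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|Details: explorer.exe,C:\Users\victim\AppData\Roaming\svc.exe",
    rf"Image: {DROPPER}|TargetObject: {SID}\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools|Details: DWORD (0x00000001)",
    rf"Image: {DROPPER}|TargetObject: {SID}\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|Details: DWORD (0x00000001)",
    rf"Image: {DROPPER}|TargetObject: {SID}\Control Panel\Desktop\Wallpaper|Details: C:\Users\victim\AppData\Roaming\wall.bmp",
    rf"Image: C:\Windows\explorer.exe|TargetObject: {SID}\Control Panel\Desktop\Wallpaper|Details: C:\Users\victim\Pictures\beach.jpg",
    r"Image: C:\Windows\System32\svchost.exe|TargetObject: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|Details: explorer.exe",
    rf"Image: C:\Windows\System32\gpupdate.exe|TargetObject: {SID}\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|Details: DWORD (0x00000000)",
]

if __name__ == "__main__":
    for sig, writes in scan(SAMPLE_EVENTS).items():
        print(sig)
        for w in writes:
            print("   ", w)
```

The remaining signatures need other telemetry: the location check reads HKCU\Control Panel\International\Geo\Nation, and value reads do not produce a Sysmon Event ID 13; the MBR write is a raw write to the physical disk device and the dropped-EXE execution is a process-creation event, so neither appears in registry logs at all.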

MITRE ATT&CK Enterprise v15

Tasks