Resubmissions

  • 28/02/2024, 22:50 UTC — 240228-2r96safg3y — 1
  • 28/02/2024, 22:03 UTC — 240228-1yhjnseh8v — 1
  • 28/02/2024, 21:27 UTC — 240228-1atl2aec87 — 6
  • 28/02/2024, 19:57 UTC — 240228-ypmqxscd8y — 8
  • 28/02/2024, 19:56 UTC — 240228-ynzzvsce79 — 1
  • 28/02/2024, 19:08 UTC — 240228-xs7ptsbf2s — 6

General

  • Target

    http://jhvy6hnubgth rn

  • Sample

    240228-ypmqxscd8y

Malware Config

Targets

    • Target

      http://jhvy6hnubgth rn

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks