Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ad9e213371def953f33a43461e9e6630
-
Size
240KB
-
Sample
240229-ee99pacg2s
-
MD5
ad9e213371def953f33a43461e9e6630
-
SHA1
98fc4e34879ad76ae460f799a14cc7d4ceab109e
-
SHA256
5feb9bcecc3733f53313b37131391a9679de7cec617aa118c90adb8fa5f6a7a0
-
SHA512
e5b6554370c8d7cad82979180637511b994d22edf9a24281107917092de5fb60a9804888280dc4bb1050f95d80e23c848619d9902c4f7a0da9bb12a4d9299f2b
-
SSDEEP
6144:g77v/p3qOZouTiy64tWH0OVxePeazTSIYnz:g7753qOrK9VxePe+Sd
Malware Config
Targets
-
-
Target
ad9e213371def953f33a43461e9e6630
-
Size
240KB
-
MD5
ad9e213371def953f33a43461e9e6630
-
SHA1
98fc4e34879ad76ae460f799a14cc7d4ceab109e
-
SHA256
5feb9bcecc3733f53313b37131391a9679de7cec617aa118c90adb8fa5f6a7a0
-
SHA512
e5b6554370c8d7cad82979180637511b994d22edf9a24281107917092de5fb60a9804888280dc4bb1050f95d80e23c848619d9902c4f7a0da9bb12a4d9299f2b
-
SSDEEP
6144:g77v/p3qOZouTiy64tWH0OVxePeazTSIYnz:g7753qOrK9VxePe+Sd
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1