General
Target: f3976d94b40d31fc49e46477679a31d674cc1cb3cc20af122a03809c4dfb373c
Size: 120KB
Sample: 240308-b5rngsch4s
MD5: dc3f80d788dc9ed7e853500cb434a3dc
SHA1: 8b992a3c39eff3bc4c841414df9f76c2c8d2586c
SHA256: f3976d94b40d31fc49e46477679a31d674cc1cb3cc20af122a03809c4dfb373c
SHA512: 613640cbea5f198e7b20f09974842dc0c1b62e876a9adda6ea2d3ca9ac18ffd5ab4b024584fdbb951b0d25cb9731d2af69fc990b519633e932e1b1c2a22eaf55
SSDEEP: 1536:J2qA6JtJpQ1P0x27nmyIm8PG8f75Lb2f8i3mhvOUIdwuhrnay0I2Wiw:J2qAuziPGZP9lmhMvRIdlh2LI2w
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: f3976d94b40d31fc49e46477679a31d674cc1cb3cc20af122a03809c4dfb373c.dll
  Resource: win7-20240215-en
Malware Config
Extracted
Family: sality
URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
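As an added example (not part of the Triage report or Hatching's tooling), the Python below turns the file hashes and the URLs from the extracted Sality config into a small IOC matcher and runs it over proxy log lines. The hashes and URLs are copied from the report; the Squid-style log layout, the sample log lines and the client addresses are constructed for the example and are assumptions. It deliberately matches on hostname rather than full URL, since the same hosts are commonly reached with other paths than the ones in the config.

```python
"""IOC matcher built from the hashes and extracted Sality config in this report.

Added example; not part of the Triage report or Hatching's tooling.
"""
import re
from urllib.parse import urlparse

# Copied from the report above.
SAMPLE_HASHES = {
    "md5": "dc3f80d788dc9ed7e853500cb434a3dc",
    "sha1": "8b992a3c39eff3bc4c841414df9f76c2c8d2586c",
    "sha256": "f3976d94b40d31fc49e46477679a31d674cc1cb3cc20af122a03809c4dfb373c",
}
CONFIG_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
# Match on host, not full URL: the same hosts get hit with other paths too.
CONFIG_HOSTS = {urlparse(u).hostname.lower() for u in CONFIG_URLS}

# Squid native access-log layout (assumption for this example):
# "<ts> <elapsed> <client> <action/status> <bytes> <method> <url> ..."
_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)

# Constructed sample lines (not real traffic): two GETs and one CONNECT to
# hosts from the config by 10.0.0.17, plus one benign request from another client.
SAMPLE_LOG = [
    "1709875201.123 45 10.0.0.17 TCP_MISS/200 1240 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.5 image/gif",
    "1709875202.456 30 10.0.0.17 TCP_MISS/404 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html",
    "1709875203.789 12 10.0.0.23 TCP_HIT/200 8000 GET http://example.com/index.html - NONE/- text/html",
    "1709875204.000 50 10.0.0.17 TCP_TUNNEL/200 300 CONNECT kukutrustnet888.info:443 - HIER_DIRECT/203.0.113.6 -",
]


def match_hash(algo, digest):
    """True if digest equals the report's sample hash for algo (case/space-insensitive)."""
    known = SAMPLE_HASHES.get(algo.lower())
    return known is not None and known == digest.strip().lower()


def scan_proxy_log(lines):
    """Return (ts, client, host, url) for every request to a host from the config."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT requests carry "host:port" instead of a full URL.
        host = urlparse(url if "://" in url else "http://" + url).hostname
        if host and host.lower() in CONFIG_HOSTS:
            hits.append((m.group("ts"), m.group("client"), host.lower(), url))
    return hits


def clients_by_host(hits):
    """Group matched clients per host: which internal machines talked to which host."""
    out = {}
    for _ts, client, host, _url in hits:
        out.setdefault(host, set()).add(client)
    return out


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
```

Feed real proxy lines to `scan_proxy_log` and use `clients_by_host` to get the list of internal hosts to pull for triage; `match_hash` is for checking a collected file's digest against the sample without worrying about case or stray whitespace in the input.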
Targets
Target: f3976d94b40d31fc49e46477679a31d674cc1cb3cc20af122a03809c4dfb373c (size and hashes identical to the General section above)
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (number of matching signatures after each entry)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 3
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5