General
Target: f678cefbbe051d9bd0b664dd56912c2876b2fa06922d167e612ed6845f7c70d2
Size: 65KB
Sample: 240308-b8lawaca62
MD5: 2edb2473f2f01f4068b1cc1ff321dfe0
SHA1: 2a8f891a053e8a0f5ea7d5308eb28dccbc51b20a
SHA256: f678cefbbe051d9bd0b664dd56912c2876b2fa06922d167e612ed6845f7c70d2
SHA512: 26fedf081e981bb85438a308caeaa5e6da067b85fb11e78f200eab1cf52f98cc53db0a78cabba39a138cd5db522a2b0dc0df13633ea18ed99b632f0ed03229bc
SSDEEP: 1536:iWm8giUKT3MVaGwtdd9MrHQQ5QyUQf8sgsv21Qo4KXTmWNaJlmL:w8PPT3jZ9UQu8QpgsvqQxpWcmL
Static task: static1
Behavioral task: behavioral1
Sample: f678cefbbe051d9bd0b664dd56912c2876b2fa06922d167e612ed6845f7c70d2.exe
Resource: win7-20240220-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
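The extracted URLs are the actionable network indicators in this report. The script below is an added example, not part of the Triage report or the sample: it takes those four URLs, reduces them to hosts, and sweeps Squid-style proxy access-log lines for requests to those hosts, including CONNECT tunnels (logged as host:port without a scheme), subdomains of the IOC domains, and requests to the IP with a different path. It deliberately does not do substring matching, so a look-alike such as notkukutrustnet777.info is not reported. The log lines are constructed for the example; the client addresses and the 203.0.113.x / 198.51.100.x peer addresses are not from the report.

```python
"""Sweep Squid-style proxy logs for the Sality C2/update hosts reported above."""
import ipaddress
from urllib.parse import urlparse

# Indicators copied from the Malware Config section of the report.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed sample log (Squid native access.log layout):
# timestamp elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1709900001.101    152 10.0.0.5 TCP_MISS/200 512 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.10 image/gif
1709900002.202     88 10.0.0.5 TCP_MISS/404 310 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1709900003.303     40 10.0.0.7 TCP_HIT/200 1024 GET http://example.com/home.gif - HIER_NONE/- image/gif
1709900004.404     61 10.0.0.7 TCP_MISS/200 700 GET http://notkukutrustnet777.info/home.gif - HIER_DIRECT/198.51.100.3 image/gif
1709900005.505    130 10.0.0.9 TCP_TUNNEL/200 2048 CONNECT kukutrustnet987.info:443 - HIER_DIRECT/203.0.113.20 -
1709900006.606     55 10.0.0.9 TCP_MISS/200 600 GET http://cdn.kukutrustnet888.info/home.gif - HIER_DIRECT/203.0.113.21 image/gif
"""


def hosts_from_urls(urls):
    """Reduce IOC URLs to a set of lower-cased hostnames / IP literals."""
    return {urlparse(u).hostname for u in urls if urlparse(u).hostname}


def host_of(url_field):
    """Extract the host from a logged URL. CONNECT requests are logged as
    host:port with no scheme, so a scheme is prepended to let urlparse
    split host and port correctly."""
    if "://" not in url_field:
        url_field = "http://" + url_field
    return urlparse(url_field).hostname  # already lower-cased, port stripped


def host_matches(host, ioc_hosts):
    """True if host is an IOC host or a subdomain of an IOC domain.
    IP-literal IOCs match exactly only; no substring matching anywhere."""
    host = host.lower().rstrip(".")
    for ioc in ioc_hosts:
        if host == ioc:
            return True
        try:
            ipaddress.ip_address(ioc)
            continue  # an IP has no subdomains
        except ValueError:
            pass
        if host.endswith("." + ioc):
            return True
    return False


def scan_squid_log(lines, ioc_urls=SALITY_URLS):
    """Return (client, host, url) for every request to an IOC host."""
    ioc_hosts = hosts_from_urls(ioc_urls)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # not a complete access-log record
        client, url = fields[2], fields[6]
        host = host_of(url)
        if host and host_matches(host, ioc_hosts):
            hits.append((client, host, url))
    return hits


if __name__ == "__main__":
    for client, host, url in scan_squid_log(SAMPLE_LOG.splitlines()):
        print(f"{client} -> {host}  ({url})")
```

Blocking at the host level rather than on the full URL is the intended granularity: the paths seen here (home.gif, testo5/) are under the operator's control and can change without the hosts changing.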
Targets
Target: f678cefbbe051d9bd0b664dd56912c2876b2fa06922d167e612ed6845f7c70d2
Size: 65KB
MD5: 2edb2473f2f01f4068b1cc1ff321dfe0
SHA1: 2a8f891a053e8a0f5ea7d5308eb28dccbc51b20a
SHA256: f678cefbbe051d9bd0b664dd56912c2876b2fa06922d167e612ed6845f7c70d2
SHA512: 26fedf081e981bb85438a308caeaa5e6da067b85fb11e78f200eab1cf52f98cc53db0a78cabba39a138cd5db522a2b0dc0df13633ea18ed99b632f0ed03229bc
SSDEEP: 1536:iWm8giUKT3MVaGwtdd9MrHQQ5QyUQf8sgsv21Qo4KXTmWNaJlmL:w8PPT3jZ9UQu8QpgsvqQxpWcmL
Signatures
Modifies firewall policy service
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
UPX dump on OEP (original entry point)
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (the number after each technique is the count of matching signatures)
Privilege Escalation
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
Defense Evasion
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Impair Defenses (T1562): 3
Disable or Modify Tools (T1562.001): 3
Modify Registry (T1112): 5