General

  • Target

    bce9358187f87db6b269bac3c3e52edc

  • Size

    136KB

  • Sample

    240309-1wp6qsbh56

  • MD5

    bce9358187f87db6b269bac3c3e52edc

  • SHA1

    08042b0bc6e57a9d006631e35618ea7b97c22dbd

  • SHA256

    1d7339aa3f70900564d27bfa2700063c7f1dbae84a07e3a182ae351c7bba23d0

  • SHA512

    0073ffe9a0631003090f23a0e4862320a37faea3f6edce683d2ff64389227c29aebe3352b82e39a157291ba46ac15484b1a76ea003940f283436690fe77e908a

  • SSDEEP

    3072:lj4SxxPPsMP9xbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7p6vIE:6SxxPPsMFZwvP6bQ7yMP+DE827MwE

Malware Config

Targets

    • Modifies security service

    • Windows security bypass

    • Looks for VMWare Tools registry key

    • Deletes itself

    • Executes dropped EXE

    • Windows security modification

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks