General

  • Target

    be838d8a3798aa2c819bc732169c4fda

  • Size

    1.7MB

  • Sample

    240310-nrn2nabg92

  • MD5

    be838d8a3798aa2c819bc732169c4fda

  • SHA1

    6947bbafb56885590e82c777b048e57313c1d71d

  • SHA256

    645377175c395442380c5127c969b233e7e419b34699338b35ac12019e9a4d9e

  • SHA512

    bc8091ca319aa4058d37864a757ca108b44ff18da04ddf3dacce6ac3bf943454201aed7047491f4546340fa74456c3a27ce0adf2b60d771606597923d327d41c

  • SSDEEP

    49152:ZdfNsO2VaBicRmu1sJhAb547NSOzAv62Szj4:yWgFiqSOzAv62K4

Targets

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Modifies WinLogon

    • Drops file in System32 directory
