Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c01b52dfca6d9a81e3b18d6cad0d2f803ecc9b23b9dd8cfe48fbdf1df7c68922.exe
-
Size
29KB
-
Sample
240312-dmrlwaef4s
-
MD5
ba9855a21f4aafb56b2948fa0411ef95
-
SHA1
8be5e63aa2a2b2d1fb849de9f45de87d35d0d4b9
-
SHA256
c01b52dfca6d9a81e3b18d6cad0d2f803ecc9b23b9dd8cfe48fbdf1df7c68922
-
SHA512
ef04b3db052f49ab19afc4e06a0fc16bfd4b9fd85ccf49a6fbdeeddd0be34489b76ec5843f39ca21e019f1e4f329b1224e1fd211a87a5873491e3ab2bfd61260
-
SSDEEP
384:uAs+IKyt872iSzG3X7/DVl32f6L4wzz3GDC/OJam3Af+EXZlv/wprkjb4JleG+r/:1sbPwDDSSswScK3Q+EXsg4JloB
Malware Config
Targets
-
-
Target
c01b52dfca6d9a81e3b18d6cad0d2f803ecc9b23b9dd8cfe48fbdf1df7c68922.exe
-
Size
29KB
-
MD5
ba9855a21f4aafb56b2948fa0411ef95
-
SHA1
8be5e63aa2a2b2d1fb849de9f45de87d35d0d4b9
-
SHA256
c01b52dfca6d9a81e3b18d6cad0d2f803ecc9b23b9dd8cfe48fbdf1df7c68922
-
SHA512
ef04b3db052f49ab19afc4e06a0fc16bfd4b9fd85ccf49a6fbdeeddd0be34489b76ec5843f39ca21e019f1e4f329b1224e1fd211a87a5873491e3ab2bfd61260
-
SSDEEP
384:uAs+IKyt872iSzG3X7/DVl32f6L4wzz3GDC/OJam3Af+EXZlv/wprkjb4JleG+r/:1sbPwDDSSswScK3Q+EXsg4JloB
Score10/10-
UAC bypass
-
Windows security bypass
-
Contacts a large (4270) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Detects executables packed with or use KoiVM
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-
Checks whether UAC is enabled
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
4