General

  • Target

    ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce

  • Size

    446KB

  • Sample

    240406-bykxcshb62

  • MD5

    7117337199731d38da136f6f472fbb7a

  • SHA1

    be11f1e3de5d90c06ea5e76648f36a00266cf7de

  • SHA256

    ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce

  • SHA512

    446f935e5510303e37a13abf7ee5ddc13a76bda6bfff5fe9a3e472cfe71f41eab61c7884f77cb7c4df5b6c6717c72985039efed789d5f7907df3879eb2a31f92

  • SSDEEP

    12288:gQ+Qu9yus9exo/2oweeKie/fU94ieeZXnAeou:8I9exo/2TeeKie/fe4ieepnAeou

Targets

    • Modifies WinLogon for persistence

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon
