Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
09/04/2024, 12:27
240409-pmv5vaab7s 10General
-
Target
aPEs223
-
Size
395KB
-
Sample
240409-pmv5vaab7s
-
MD5
794b12db6df68064f3b6114f766507d7
-
SHA1
954270812e935601653e2a5e05ceaef2c4d060d3
-
SHA256
8b9d7d64cefc531f00cc9671bb5896058161af2a59e0728339e1fa07450eadce
-
SHA512
aa8aecb17e3d7e6488fe2f4e8015f579af6e0f36a100333df6e7acbf1f908c330c05a4782334441bff12dd87444e7d67cf35466dc56b691563b5c1aa3059c455
-
SSDEEP
6144:Z38TFJZ+LiSgRhDbwl3c68fKKebp+TDRRLSSqx1uDJe6M:yTFJZ+LaRpUld8fKKAEp1SSqxOJe6M
Malware Config
Targets
-
-
Target
aPEs223
-
Size
395KB
-
MD5
794b12db6df68064f3b6114f766507d7
-
SHA1
954270812e935601653e2a5e05ceaef2c4d060d3
-
SHA256
8b9d7d64cefc531f00cc9671bb5896058161af2a59e0728339e1fa07450eadce
-
SHA512
aa8aecb17e3d7e6488fe2f4e8015f579af6e0f36a100333df6e7acbf1f908c330c05a4782334441bff12dd87444e7d67cf35466dc56b691563b5c1aa3059c455
-
SSDEEP
6144:Z38TFJZ+LiSgRhDbwl3c68fKKebp+TDRRLSSqx1uDJe6M:yTFJZ+LaRpUld8fKKAEp1SSqxOJe6M
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Windows security bypass
-
Drops startup file
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2