General
Target: 50f655b0e749f344954d4fcaeaa73cb90127cb43a134931d6d2c0b03760a0af8
Size: 817KB
Sample: 240417-ntqy2ade82
MD5: bf761c4b9d4e53c986ac7879ee109d31
SHA1: cc627662fa09682b7a3578db810632ff5a6d4f74
SHA256: 50f655b0e749f344954d4fcaeaa73cb90127cb43a134931d6d2c0b03760a0af8
SHA512: f16cfa5b1d7bedaedee9d8ed6b9854c17100d76e05dec5ec9fc294462ed7c427d2e6351012615353bde50182f5a8d802d616bf7d84139e1d6b599963b08decd4
SSDEEP: 12288:HX4f0LXn6gy2JB4/xqEh+fjOcjclijLWNQqLLBWifXLelTI7u0P8pkAwL+4p:3Xvyb/xzhcrszNQqLtWiSlTI7u0PAwRp
Static task: static1
Behavioral task: behavioral1
Sample: 50f655b0e749f344954d4fcaeaa73cb90127cb43a134931d6d2c0b03760a0af8.exe
Resource: win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Modifies firewall policy service
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (5)