General
- Target: 1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64
- Size: 120KB
- Sample: 240417-xrwk6scd7y
- MD5: fae4109c2a414b671e19b09376482c0f
- SHA1: d46cd75921119564cfac62076128dcbd5a7e30d9
- SHA256: 1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64
- SHA512: 72ce4265444059c5f2283e4349b0f098168009f2ed05a578e8216c5159b3771fb71f699b760ffc4edfd81a676fcc1d915febfaae22601a35a119bcea41b2aec1
- SSDEEP: 1536:27AKQiz7CFo0jg8NRXDccz8bEkCBXsreeXIZNSQgy6PM1:2UKQiUo0jxwskCB8rn8Hvc0
Static task: static1
Behavioral task: behavioral1
- Sample: 1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64.dll
- Resource: win7-20240221-en
Malware Config
Extracted
- sality
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
- Target: 1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64
  - Size: 120KB
  - MD5: fae4109c2a414b671e19b09376482c0f
  - SHA1: d46cd75921119564cfac62076128dcbd5a7e30d9
  - SHA256: 1904e94a1fcad70d9ee80f4962c8f62c9ee3b314918a5b0ec40125ea4b68cc64
  - SHA512: 72ce4265444059c5f2283e4349b0f098168009f2ed05a578e8216c5159b3771fb71f699b760ffc4edfd81a676fcc1d915febfaae22601a35a119bcea41b2aec1
  - SSDEEP: 1536:27AKQiz7CFo0jg8NRXDccz8bEkCBXsreeXIZNSQgy6PM1:2UKQiUo0jxwskCB8rn8Hvc0
- Signatures
  - Modifies firewall policy service
  - Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
  - UPX dump on OEP (original entry point)
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (3)
    - Disable or Modify Tools (3)
  - Modify Registry (5)