Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7b514b21b4a46f94468a9a94f0d2e382bd142a295bb69e6cc3ee2afa59cb554d
-
Size
120KB
-
Sample
240418-3n9lhsbd2v
-
MD5
3385f70bae0b0a65bace68b5f5efa1c1
-
SHA1
d37748dc4a135cb2423f0d26a3b830281a30e1ea
-
SHA256
7b514b21b4a46f94468a9a94f0d2e382bd142a295bb69e6cc3ee2afa59cb554d
-
SHA512
4bf6ad9c90103404d2d8a51cc665c6e4d2cf571c3f928ac9ae43d22d20e3427d367dd9c574f8eceac5477a2edcaae50d9d3af1aae8bf87749a4733c871c021d6
-
SSDEEP
1536:mxJp5PC/nSFBbKmuPRA9zqaw+rKfnFH953Vw9qsni7XeBMQKwIlN:mZ5/HbKpPkOaw+oFHvFafiMMzwoN
Static task
static1
Behavioral task
behavioral1
Sample
7b514b21b4a46f94468a9a94f0d2e382bd142a295bb69e6cc3ee2afa59cb554d.dll
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
7b514b21b4a46f94468a9a94f0d2e382bd142a295bb69e6cc3ee2afa59cb554d
-
Size
120KB
-
MD5
3385f70bae0b0a65bace68b5f5efa1c1
-
SHA1
d37748dc4a135cb2423f0d26a3b830281a30e1ea
-
SHA256
7b514b21b4a46f94468a9a94f0d2e382bd142a295bb69e6cc3ee2afa59cb554d
-
SHA512
4bf6ad9c90103404d2d8a51cc665c6e4d2cf571c3f928ac9ae43d22d20e3427d367dd9c574f8eceac5477a2edcaae50d9d3af1aae8bf87749a4733c871c021d6
-
SSDEEP
1536:mxJp5PC/nSFBbKmuPRA9zqaw+rKfnFH953Vw9qsni7XeBMQKwIlN:mZ5/HbKpPkOaw+oFHvFafiMMzwoN
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5