General
- Target: cb3dbf77aa358ff3cc291a3fe61f6f637ff883dd98a46971af9a5080ad4152e5
- Size: 120KB
- Sample: 240418-c2hf3sgg87
- MD5: b27012ec736fa90fc93e6c0f2d192c63
- SHA1: cfebed27985c679b099b991b8f18fd3b8483f05b
- SHA256: cb3dbf77aa358ff3cc291a3fe61f6f637ff883dd98a46971af9a5080ad4152e5
- SHA512: 8b8bb31bca9cfef8c47e19722f8e217e45bb12d78a9b0a0cb97f073decbcd9ad7f251003129f087d98934704deb2baef1ca2b8f00ac40331c176a726fd33d641
- SSDEEP: 1536:HcuZf18X/OOwpQm1J5oidOyjbN4s5wk2GcobqKZrOxXPBwfMcQ2UUY3vcpVXfy5O:8uf5/B5oidv20wkSnmrOxpwfQzUk6vy
Static task: static1
Behavioral task: behavioral1
- Sample: cb3dbf77aa358ff3cc291a3fe61f6f637ff883dd98a46971af9a5080ad4152e5.dll
- Resource: win7-20240221-en
Malware Config
Extracted family: sality
C2 URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: cb3dbf77aa358ff3cc291a3fe61f6f637ff883dd98a46971af9a5080ad4152e5
- Size: 120KB
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)