General

  • Target

    pexels-ahmed-adly-1270184.jpg

  • Size

    775KB

  • Sample

    240419-yzf15aec92

  • MD5

    ea4d214b6d466d9a08ae20ba2c74d0be

  • SHA1

    c385d1ba44f56f072e9e676131de78e929b732bf

  • SHA256

    4384080acf3ca56e86f046ed1848610b0fb496ce0e8e98560954497fc946ea6a

  • SHA512

    c42bbfec09ceac884a221e53ec72e9059f52b8bcf1dc73f67c9aceb103a7c6b360bd90ad8908047c67d132228ae9cea64a82346ca6f7ed91347dddbc84e206d0

  • SSDEEP

    12288:qiH5ywcxn/0h643fvsy+uPZ+MiozEe9MaQtn4s+bbh3+QYtkI:qS5aOv9+uEMio99Mh6VhpYiI

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks