General
- Target: pexels-ahmed-adly-1270184.jpg
- Size: 775KB
- Sample: 240419-yzf15aec92
- MD5: ea4d214b6d466d9a08ae20ba2c74d0be
- SHA1: c385d1ba44f56f072e9e676131de78e929b732bf
- SHA256: 4384080acf3ca56e86f046ed1848610b0fb496ce0e8e98560954497fc946ea6a
- SHA512: c42bbfec09ceac884a221e53ec72e9059f52b8bcf1dc73f67c9aceb103a7c6b360bd90ad8908047c67d132228ae9cea64a82346ca6f7ed91347dddbc84e206d0
- SSDEEP: 12288:qiH5ywcxn/0h643fvsy+uPZ+MiozEe9MaQtn4s+bbh3+QYtkI:qS5aOv9+uEMio99Mh6VhpYiI
Static task: static1
Behavioral task: behavioral1
- Sample: pexels-ahmed-adly-1270184.jpg
- Resource: win11-20240412-en
Malware Config
Targets
- Target: pexels-ahmed-adly-1270184.jpg
Score: 8/10
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Pre-OS Boot: Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)