General
Target: WinXP.Horror.Destructive.zip
Size: 99.7MB
Sample: 240425-zb7plsed68
MD5: f7572a073fda0e1091cb46c72f62fe66
SHA1: 4c7dee38ab3679fab48140244bd76041378e1a34
SHA256: 8fb8556995728abee56a5120816a9768741635b489b1040a946153d06c031a9f
SHA512: a3f78f27abb1478de129ecc846d7541ca4f178504f3216a220b87e1b839822dad68d917ded88fee6045cff875351789438893554032d1d00553b0d951516ffca
SSDEEP: 3145728:cIc1NZmpHTTrzAFHe6KKG/fOEtoc/oAGp8pN:83urzKHedzfrtqEN
Static task: static1
Behavioral task: behavioral1
Sample: WinXP.Horror.Destructive.exe
Resource: win7-20240215-en
Malware Config
Targets
Target: WinXP.Horror.Destructive.exe
Size: 57.9MB
MD5: 063ea883f8c67d3bb22e0a465136ca4c
SHA1: 3a168a9153ee32b86d9a5411b0af13846c55ee1d
SHA256: 3b64ce283febf3207dd20c99fc53de65b07044231eb544c4c41de374a2571c5c
SHA512: 2dd6be23a5af8c458b94eeb5a4e83fc8cacb3fd2c2566b5682eee286c01726dca90db3d9b4e218eeded9b0c9bce8ba3c9ca9cc497e3a57aab580633a038e4b74
SSDEEP: 1572864:aj6L5PLk/mBCSyKOYl39GFoFEujFMm+B997DaNHN1oS72fnD9hRzZ01tO0DpvrvI:i6cSzV9GCFEujFMm+B997DaNHN1oS72X
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)