General
Target: Winhost.zip
Size: 1.1MB
Sample: 240429-rhheasch31
MD5: 988840294ac21239351ceacb7a01c680
SHA1: f7390cda074155f43447357eb6de66483b18e119
SHA256: 13a74aca20ecf49679abd3c49265b931f9ae422a0c9fd76ca18dd7997f1c9871
SHA512: 5375df4eddc2bc03efd5400b73237dc16a82537216e0fc0bf428d330b7e58f0a0998265779506eab4cafa23f897b771a4cb36cd2306f4fd07669a70e275b3b89
SSDEEP: 24576:j4fiOigMi/TP3cHGEjV/lquTOlqyreIjUyC3cpP4/GlmOj:j45ZP3aGEHfTOlqyqIwyfdz
Static task: static1
Behavioral task: behavioral1
  Sample: Winhost.exe
  Resource: win10v2004-20240426-en
Behavioral task: behavioral2
  Sample: Winhost.exe
  Resource: win11-20240426-en
Behavioral task: behavioral3
  Sample: Winhost.exe
  Resource: win10v2004-20240419-en
Behavioral task: behavioral4
  Sample: Winhost.exe
  Resource: win11-20240426-en
Malware Config
Targets
Target: Winhost.dll
Size: 1.0MB
MD5: 95a23a0b51922fb8df0d48b3a41b807f
SHA1: 23e3c80540e00bc1fae0fec17e2879b0c68bb0cc
SHA256: bb9491ed516e306ed5bc1399961545f18b79a3b6ad4414f7ec230e98826ad460
SHA512: ba1dfed05e74613a9a15442d8d92ff9f0703290567f7181b116bf1d514b2ab925908fb4fd5bff777273ef6832f56ecd0f5d1f760bcc7363ec947c95ad50c9850
SSDEEP: 24576:E5A5tpc4ij533WbiEjVLl2uHYlUCreGjA8EPKpbc7:EIE333iiEXbHYlUCqGs8pV
Score: 1/10
Target: Winhost.exe
Size: 139KB
MD5: b046a025e8e53fbd316629125c687c3d
SHA1: 5fc76dc221a4287b706ecc57834e7ed848d41a46
SHA256: bc18713902edd2f64cae8d04bf37b8545a10c7882e3d3b1fb6f26a677f27434c
SHA512: be05f7f721d11733172f91d9aad622a86917ccac0e28817ab54d28d13510654755f40a986300d3b823d91fa041ee806823704e3537b2e31dd9de144ac25f7895
SSDEEP: 3072:uiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJA8ltE:uiS4ompB9S3BZi0a1G78IVhcSct
Score: 10/10
- Blocks application from running via registry modification (adds application to list of disallowed applications)
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables cmd.exe use via registry modification
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)