General

  • Target

    Seven.zip

  • Size

    941KB

  • Sample

    240430-yzat4sgg95

  • MD5

    add36886ca27cb68edf857683c7ee095

  • SHA1

    43f7dbdcd711f2559ec365899a24dfe9f08affe0

  • SHA256

    87f596c598f0121d44da56413452beb2e4e30e2811b042ea51bc725e76f6f85c

  • SHA512

    af43de3cfebf86a86016599e18ec96b1763956c1119df17ffea78dd187b5bb9afd2e71c312cbd616f3947fb468fd4d7984a537758586b80830991afd78b602aa

  • SSDEEP

    24576:Z1WJQK9uq3HLViydbpQ96YTD3hz2ITmQHL2HmWhGilz:nWDuqZhdw6YX3p2cxhm

Score
10/10

Targets

    • Target

      Seven.dll

    • Size

      873KB

    • MD5

      69d03bfee77792608d025663fda3f818

    • SHA1

      75d53668cd5d7cbebe48130ddf56d4e79903cc52

    • SHA256

      71334ed96ff3420f7af50a8a34c911b716522faaa116eb07f3a4044dc4e215bd

    • SHA512

      e90a745b1e82911fee31299c445e7910e16afde0e6d255b1eae41b02e896dd6790bced83d3927bb76da5d3c9a294ae9420ba7b278253cf1447abd2fdebc774a5

    • SSDEEP

      24576:Xnsi9iqjHnVuydxDQbwuT1RZzaI7y0HxwHyWDm:Xfiqxld+wuRRBa6dh

    Score
    1/10

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      350273e0d2e8a9ba5e37b791016112a0

    • SHA1

      5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

    • SHA256

      27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

    • SHA512

      b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    10/10

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables cmd.exe use via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
