General
Target: 9bb675f3a0231a29675dca6dfb1c990afb61f722cbe99f4c2891f21209bf6ccf
Size: 4.1MB
Sample: 240510-xx377sch2t
MD5: 92dba39b74afa673ceb91de30dab9451
SHA1: 870c378e9ebb35c5118a5f0b2f2f80df47661301
SHA256: 9bb675f3a0231a29675dca6dfb1c990afb61f722cbe99f4c2891f21209bf6ccf
SHA512: 7bc2381c8268d971c5573bf24d02631624d12603e8dd4037fe80c62bec7c3cd942937d89cded95d45aa9d39dc097a4498a35258c44f387a07b3060289840703c
SSDEEP: 98304:cOx+yLAsWcX5ANOp80aGDbz4ZHRnWgYq13pS/Dvn0Yng1:ME1pj8JRnW2pojn0Yg1
Static task
static1
Behavioral task
behavioral1
Sample
9bb675f3a0231a29675dca6dfb1c990afb61f722cbe99f4c2891f21209bf6ccf.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
9bb675f3a0231a29675dca6dfb1c990afb61f722cbe99f4c2891f21209bf6ccf
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1