Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Eleven.exe
-
Size
245KB
-
Sample
240513-tkpbqsea93
-
MD5
fe7e313a10d6c8b7f3520851a31b479a
-
SHA1
af28d7f96404be348f5d8f354169ed0d7ad5660a
-
SHA256
d50ebf3a3a55e22195e53edd557618e2d9b0d4903a14bae33dcd1351e16590a3
-
SHA512
9cafc803381301cc73a781f21fb63c3c27b4cdb60bf0857c03b2a4661cbc5a2aa20d069e44fbb9bdd76626093e38b4b770facf93e6e9e6c63ce8b774620f569a
-
SSDEEP
6144:Nx/LcTEyF1dH3VOVw44UOisbaxHUsAxyOzk9jAUdubJ:MBREcUkHxy8yAb
Static task
static1
Behavioral task
behavioral1
Sample
Eleven.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
Eleven.exe
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
Eleven.exe
-
Size
245KB
-
MD5
fe7e313a10d6c8b7f3520851a31b479a
-
SHA1
af28d7f96404be348f5d8f354169ed0d7ad5660a
-
SHA256
d50ebf3a3a55e22195e53edd557618e2d9b0d4903a14bae33dcd1351e16590a3
-
SHA512
9cafc803381301cc73a781f21fb63c3c27b4cdb60bf0857c03b2a4661cbc5a2aa20d069e44fbb9bdd76626093e38b4b770facf93e6e9e6c63ce8b774620f569a
-
SSDEEP
6144:Nx/LcTEyF1dH3VOVw44UOisbaxHUsAxyOzk9jAUdubJ:MBREcUkHxy8yAb
Score10/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1