Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
76f1dfc5095652b64e15a9ac0c97d104c6d9f5c373ab7286cb43e5b91e284b59
-
Size
4.1MB
-
Sample
240514-3tnw1aee9v
-
MD5
15395dc893d9a0ddb1bafdecd403642a
-
SHA1
d8b7a47f6e78b5c0c26eaa6062927de4d9a4f50b
-
SHA256
76f1dfc5095652b64e15a9ac0c97d104c6d9f5c373ab7286cb43e5b91e284b59
-
SHA512
10dd83c6bc26905c0ef619918c4b9efdf025b5e31923dcf1fa50618ef3db60ce7b90d310f2aa229c42f3ada34226ffefae8c3efa3771955e0765b10af0a6283b
-
SSDEEP
98304:FOEQv7p1EKwgW7O4vptwZo6T+WO0dzEY6Kk7ob384km+FfOI:Fr2p15ulARrO0d7kw84IGI
Static task
static1
Behavioral task
behavioral1
Sample
76f1dfc5095652b64e15a9ac0c97d104c6d9f5c373ab7286cb43e5b91e284b59.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
76f1dfc5095652b64e15a9ac0c97d104c6d9f5c373ab7286cb43e5b91e284b59
-
Size
4.1MB
-
MD5
15395dc893d9a0ddb1bafdecd403642a
-
SHA1
d8b7a47f6e78b5c0c26eaa6062927de4d9a4f50b
-
SHA256
76f1dfc5095652b64e15a9ac0c97d104c6d9f5c373ab7286cb43e5b91e284b59
-
SHA512
10dd83c6bc26905c0ef619918c4b9efdf025b5e31923dcf1fa50618ef3db60ce7b90d310f2aa229c42f3ada34226ffefae8c3efa3771955e0765b10af0a6283b
-
SSDEEP
98304:FOEQv7p1EKwgW7O4vptwZo6T+WO0dzEY6Kk7ob384km+FfOI:Fr2p15ulARrO0d7kw84IGI
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1