General

  • Target: d4aed79ddef563c220244e18d78ef02001992d155fd4a9ffd390c1b79243ab37

  • Size: 5.9MB

  • Sample: 240531-d3jk7sdf4x

  • MD5: a0fa87eb1932bed5a9c9d3688705e0b9

  • SHA1: 63b7118221989b4c9c8b599d130cd69edc20b202

  • SHA256: d4aed79ddef563c220244e18d78ef02001992d155fd4a9ffd390c1b79243ab37

  • SHA512: 85a84e59ad3a125854413770bb36659e9253250cf41f797bf82a73bf8ad6229cc838cbe4687973d36eab26e3a4afbedf03d17fad0cccca378ba0411f4985690a

  • SSDEEP: 6144:f3ue8ySm8hQAAIfFrRXuEE+0l97mKwKQXqHVv86JQPDHDdx/Qtqa:9/zkFF+EExZmKbyuVvPJQPDHvd

Targets

    • Target: d4aed79ddef563c220244e18d78ef02001992d155fd4a9ffd390c1b79243ab37

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
