Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RingHeads32.exe
-
Size
972KB
-
Sample
240609-l4yerahh24
-
MD5
84af1f287a3d118351bc38b5007fac8c
-
SHA1
05c91329c785dba40d3432901301ca58d47d6ebc
-
SHA256
48cbcc608b355b5612e8171700242d3a2f8a49515fa4e1b7fd0f4abbf55ff3b6
-
SHA512
10ee5c06a7321a9201fe80da5354a135e055cf0faef035f4c410930c8fc3c37030857f8dddf159393d48e725c97cf2dbd4d9bea0968520d91938755a935c73a0
-
SSDEEP
24576:wtA4KdTL5OqJs1t4XPiwKLSaLk18DxQ/0dSLFX/qKInU53NBvmyRMM:VdTlOCs1CiwKLSaQ1gddUFX/DIm3feyN
Malware Config
Targets
-
-
Target
RingHeads32.exe
-
Size
972KB
-
MD5
84af1f287a3d118351bc38b5007fac8c
-
SHA1
05c91329c785dba40d3432901301ca58d47d6ebc
-
SHA256
48cbcc608b355b5612e8171700242d3a2f8a49515fa4e1b7fd0f4abbf55ff3b6
-
SHA512
10ee5c06a7321a9201fe80da5354a135e055cf0faef035f4c410930c8fc3c37030857f8dddf159393d48e725c97cf2dbd4d9bea0968520d91938755a935c73a0
-
SSDEEP
24576:wtA4KdTL5OqJs1t4XPiwKLSaLk18DxQ/0dSLFX/qKInU53NBvmyRMM:VdTlOCs1CiwKLSaQ1gddUFX/DIm3feyN
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-