General

  • Target

    TEST.exe

  • Size

    923KB

  • Sample

    240610-whz2kavgmm

  • MD5

    d057b17b2d07a9bf556180a6246c2fdc

  • SHA1

    c33aebf5bee8ba6624ab825c5def329d7cb1fe53

  • SHA256

    8ba707a469375950af9c99ea7002073c249e6590b5f6b1e00bd57513bf91bdbb

  • SHA512

    bf359ca5d52b52fb19a11053066fb836aa4f2cbfd66c728ab94d89d4d066ff21c320a9bdfa96343394fb11a2edc68b3bdf64072bc3cc07fd0ca78d94a87f5ca4

  • SSDEEP

    12288:uyXnShmoqyGN9QF4Px3nNQLyNOGYmvOgeEFVPNpHChN6zGZu0uQlVgaPg5xxXRna:56NGTbJKLwemPTVpHCSbwaT1rXH

Targets

    • Target

      TEST.exe

    • Size

      923KB

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Disables Task Manager via registry modification

    • Stops running service(s)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
