Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
68a2c42f5e5c03827b424e1429170d79ea0529987ec07f4a2b76ef109bb7a888.exe
-
Size
1.6MB
-
Sample
240613-bq8cpasfjk
-
MD5
70467670cda5878ec6d1670c4b395318
-
SHA1
d32331447127bdf0656cf23a8587847c4251542a
-
SHA256
68a2c42f5e5c03827b424e1429170d79ea0529987ec07f4a2b76ef109bb7a888
-
SHA512
3a697125924e824223e30b0d04c4d2da1b00196900629f96cb78683cf6a42cd4a73a98df94126710cf139a6ddff472a7129167c91f8d11e891c26191c58414a4
-
SSDEEP
12288:Yq9Kz9XYHoV3/f13l+qefXfgaB2dj1z+Bhb3p18LB/0zHm8o:YUK6IV3/deYaB2djw3pSB0zG3
Malware Config
Targets
-
-
Target
68a2c42f5e5c03827b424e1429170d79ea0529987ec07f4a2b76ef109bb7a888.exe
-
Size
1.6MB
-
MD5
70467670cda5878ec6d1670c4b395318
-
SHA1
d32331447127bdf0656cf23a8587847c4251542a
-
SHA256
68a2c42f5e5c03827b424e1429170d79ea0529987ec07f4a2b76ef109bb7a888
-
SHA512
3a697125924e824223e30b0d04c4d2da1b00196900629f96cb78683cf6a42cd4a73a98df94126710cf139a6ddff472a7129167c91f8d11e891c26191c58414a4
-
SSDEEP
12288:Yq9Kz9XYHoV3/f13l+qefXfgaB2dj1z+Bhb3p18LB/0zHm8o:YUK6IV3/deYaB2djw3pSB0zG3
Score10/10-
UAC bypass
-
Windows security bypass
-
Detects executables packed with or use KoiVM
-
Adds policy Run key to start application
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2