Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9c581c4cec9f25a55ee985d08ad3ba40a268aff6ea05aebff399c31f86b98065.exe
-
Size
3.3MB
-
Sample
240614-b3z7vazgmg
-
MD5
1869978103ed372145fbf14975f8c56e
-
SHA1
a15f53cb65e2ecfd3c5112711cceb30b9ab88257
-
SHA256
9c581c4cec9f25a55ee985d08ad3ba40a268aff6ea05aebff399c31f86b98065
-
SHA512
b306f831e52bc468ee862afc5909dd6e98f3fab2dca12cb2536f2f4dcdfd919bdf6290dee8dc9c5bffc5a52d808834a5489cb3f403af053bb805d66ce6ecd6a6
-
SSDEEP
24576:0Ln4nHjmrtOSkcMfMFQtpHv85qvdE/ta/7SyI:0LnUHjmb0EFQtpHE5qvdE/ADSb
Malware Config
Targets
-
-
Target
9c581c4cec9f25a55ee985d08ad3ba40a268aff6ea05aebff399c31f86b98065.exe
-
Size
3.3MB
-
MD5
1869978103ed372145fbf14975f8c56e
-
SHA1
a15f53cb65e2ecfd3c5112711cceb30b9ab88257
-
SHA256
9c581c4cec9f25a55ee985d08ad3ba40a268aff6ea05aebff399c31f86b98065
-
SHA512
b306f831e52bc468ee862afc5909dd6e98f3fab2dca12cb2536f2f4dcdfd919bdf6290dee8dc9c5bffc5a52d808834a5489cb3f403af053bb805d66ce6ecd6a6
-
SSDEEP
24576:0Ln4nHjmrtOSkcMfMFQtpHv85qvdE/ta/7SyI:0LnUHjmb0EFQtpHE5qvdE/ADSb
Score10/10-
UAC bypass
-
Windows security bypass
-
Detects executables packed with or use KoiVM
-
Adds policy Run key to start application
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2