Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Eclipse IDE for Java Developers - 2021-12.lnk
-
Size
983B
-
Sample
240625-rk7rzaxfnl
-
MD5
ec646032b10ae10d5563116c3df8a05b
-
SHA1
1cb70a9ea2722560a2d3584be4a1a5b1c7afee1e
-
SHA256
609ea91e7738bfb4d80edbb7deeb77ba075ce7bd153aeade7939e917ac20500c
-
SHA512
07d7cfc50c2176c733485564338485e286be18d7c4d5ffd6158322196928d7c0bf4fea35d97dbe56f28712a5835a445e531fa9b6ad8d55c7cb07ac2dea35bae9
Malware Config
Targets
-
-
Target
Eclipse IDE for Java Developers - 2021-12.lnk
-
Size
983B
-
MD5
ec646032b10ae10d5563116c3df8a05b
-
SHA1
1cb70a9ea2722560a2d3584be4a1a5b1c7afee1e
-
SHA256
609ea91e7738bfb4d80edbb7deeb77ba075ce7bd153aeade7939e917ac20500c
-
SHA512
07d7cfc50c2176c733485564338485e286be18d7c4d5ffd6158322196928d7c0bf4fea35d97dbe56f28712a5835a445e531fa9b6ad8d55c7cb07ac2dea35bae9
Score8/10-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-