Resubmissions

Submitted            Sample ID           Score
25/06/2024, 14:16    240625-rk7rzaxfnl   8
25/06/2024, 14:12    240625-rh4yasvbkd   4
25/06/2024, 14:09    240625-rf6dcavajh   3
25/06/2024, 14:05    240625-rdz4jsxcjq   3

General

  • Target

    Eclipse IDE for Java Developers - 2021-12.lnk

  • Size

    983B

  • Sample

    240625-rk7rzaxfnl

  • MD5

    ec646032b10ae10d5563116c3df8a05b

  • SHA1

    1cb70a9ea2722560a2d3584be4a1a5b1c7afee1e

  • SHA256

    609ea91e7738bfb4d80edbb7deeb77ba075ce7bd153aeade7939e917ac20500c

  • SHA512

    07d7cfc50c2176c733485564338485e286be18d7c4d5ffd6158322196928d7c0bf4fea35d97dbe56f28712a5835a445e531fa9b6ad8d55c7cb07ac2dea35bae9

Malware Config

Targets

    • Target

      Eclipse IDE for Java Developers - 2021-12.lnk

    • Size

      983B

    • MD5

      ec646032b10ae10d5563116c3df8a05b

    • SHA1

      1cb70a9ea2722560a2d3584be4a1a5b1c7afee1e

    • SHA256

      609ea91e7738bfb4d80edbb7deeb77ba075ce7bd153aeade7939e917ac20500c

    • SHA512

      07d7cfc50c2176c733485564338485e286be18d7c4d5ffd6158322196928d7c0bf4fea35d97dbe56f28712a5835a445e531fa9b6ad8d55c7cb07ac2dea35bae9

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can tamper with the components Windows uses to validate signatures, for example by modifying certain DLL exports, so that a malicious binary appears validly signed.

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and form data.

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread to other machines via attached or removable volumes.

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Patching termsrv.dll is commonly done to allow multiple simultaneous RDP sessions on a single host.
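As an added host-side check (this is not part of the tria.ge report and not code from the sample), the following PowerShell script looks for the artifacts the behaviours listed above would leave on an infected machine: a non-default print processor registration, a termsrv.dll that no longer passes catalog signature verification, a redirected signature-verification (SIP) registry entry, autorun.inf on any volume root, and recently written files in System32\drivers that are not validly signed. The one-week lookback window and the "SIP DLL must live under System32" heuristic are assumptions; run it from an elevated session on the suspect host.

```powershell
# Added host-triage script; not part of the tria.ge report and not the sample's own code.
# Looks for on-host artifacts of the behaviours listed above. Run from an elevated
# PowerShell session. Get-AuthenticodeSignature also validates catalog-signed OS files,
# so untampered system DLLs report Status 'Valid'.

$findings = New-Object 'System.Collections.Generic.List[string]'
$system32 = Join-Path $env:SystemRoot 'System32'

# 1. Print processor persistence (ATT&CK T1547.012). Each subkey under an environment's
#    "Print Processors" key has a "Driver" value naming a DLL the spooler loads from
#    System32\spool\prtprocs\<arch>. A stock host only registers winprint -> winprint.dll.
$envRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Environments'
foreach ($envKey in Get-ChildItem $envRoot -ErrorAction SilentlyContinue) {
    $ppKey = "$($envKey.PSPath)\Print Processors"
    if (-not (Test-Path $ppKey)) { continue }
    foreach ($proc in Get-ChildItem $ppKey) {
        $dll = (Get-ItemProperty $proc.PSPath -ErrorAction SilentlyContinue).Driver
        if ($proc.PSChildName -ne 'winprint' -or $dll -ne 'winprint.dll') {
            $findings.Add("Print processor '$($proc.PSChildName)' in $($envKey.PSChildName) loads '$dll'")
        }
    }
}

# 2. termsrv.dll tampering. The common "unlimited RDP sessions" patch rewrites code in
#    termsrv.dll, so the file no longer matches its catalog signature.
$sig = Get-AuthenticodeSignature -FilePath (Join-Path $system32 'termsrv.dll')
if ($sig.Status -ne 'Valid') {
    $findings.Add("termsrv.dll signature status is '$($sig.Status)' (expected 'Valid')")
}

# 3. Signature-verification (SIP) hijack (ATT&CK T1553.003). These keys map each subject
#    type to the DLL and export Windows calls to verify a signature; redirecting them makes
#    arbitrary binaries look validly signed. Heuristic (assumption): the Dll value must
#    resolve to an existing file under System32.
$oidRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0'
foreach ($sipKey in 'CryptSIPDllVerifyIndirectData', 'CryptSIPDllGetSignedDataMsg') {
    foreach ($entry in Get-ChildItem "$oidRoot\$sipKey" -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty $entry.PSPath -ErrorAction SilentlyContinue
        if (-not $props.Dll) { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($props.Dll)
        if ($expanded -match '[\\/]') {
            $ok = (Test-Path -LiteralPath $expanded) -and
                  $expanded.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
        } else {
            $ok = Test-Path -LiteralPath (Join-Path $system32 $expanded)
        }
        if (-not $ok) {
            $findings.Add("SIP $sipKey\$($entry.PSChildName) -> Dll='$($props.Dll)' FuncName='$($props.FuncName)'")
        }
    }
}

# 4. autorun.inf at any filesystem volume root (AutoRun abuse to spread via attached media).
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    if (-not $drive.Root) { continue }
    $autorun = Join-Path $drive.Root 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        $findings.Add("autorun.inf present at $autorun")
    }
}

# 5. Recently written files in System32\drivers without a valid signature
#    ("Drops file in Drivers directory"). The lookback window is an assumption;
#    set it to the incident timeframe.
$cutoff = (Get-Date).AddDays(-7)
Get-ChildItem -LiteralPath (Join-Path $system32 'drivers') -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $s = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($s.Status -ne 'Valid') {
            $findings.Add("Driver written $($_.LastWriteTime) not validly signed: $($_.FullName) ($($s.Status))")
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No indicators found for the checked behaviours.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

A clean host normally produces no findings; any hit on checks 1 to 3 is worth treating as a confirmed tamper rather than a warning, since those keys and files are not expected to change outside of Windows servicing. Check 5 can flag legitimately installed third-party drivers with expired or missing signatures, so compare each hit against the sample's dropped-file list from the report before acting on it.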

MITRE ATT&CK Enterprise v15

Tasks