General

  • Target

    WindowsActivator.exe

  • Size

    76.4MB

  • Sample

    240628-1ydwgstbng

  • MD5

    69838601444c5204e22110501d97fd79

  • SHA1

    b7bf7e0969e27beee6b4a8fa24c57e114d1b9343

  • SHA256

    9d24afb0f2c6c019c98f7dd31c77b11cca6fe113a937d6a697bb24bc528546c8

  • SHA512

    424edc76ed6def3e92ccd00508070b3d8b5d422214f25d8e06b80efa18684293e32c06726df081625a98718288f02fe96e0f0381921b2b7900dfee2ccd84db8c

  • SSDEEP

    1572864:zviEKlFcSk8IpG7V+VPhqYdfME7ZlH/iYweyJulZUdgu0WVvj1GGRqZ9U:zvZKISkB05awcfvdQpuK0c7c9U

Targets

    • Target

      WindowsActivator.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
