Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Cheat NurSultan.exe

  • Size

    1.3MB

  • Sample

    240701-y222daxdjb

  • MD5

    22b762a6b5b3da61cbf9e1222b8c7bd3

  • SHA1

    e96af3ed20282eec090ba042650c6ed0aee200ef

  • SHA256

    6158c5b45fb9b11f49d6ea84917c3dce8590b8410accb865e346c68f9c619a99

  • SHA512

    68071a50f25693272389995390c0c3d828355402ae52ceabd3cae5f1d2262c0a6f7ece737dbcc44a3fb4093aa7784a71f3bc08d3a409518762b0ca8eb2527aca

  • SSDEEP

    24576:mwxPanDWDAxfy+t4g6cBLi2iYQOlb8T8IU+x:LxPpWTjPJplgTfUw

Malware Config

Targets

    • Target

      Cheat NurSultan.exe

    • Size

      1.3MB

    • MD5

      22b762a6b5b3da61cbf9e1222b8c7bd3

    • SHA1

      e96af3ed20282eec090ba042650c6ed0aee200ef

    • SHA256

      6158c5b45fb9b11f49d6ea84917c3dce8590b8410accb865e346c68f9c619a99

    • SHA512

      68071a50f25693272389995390c0c3d828355402ae52ceabd3cae5f1d2262c0a6f7ece737dbcc44a3fb4093aa7784a71f3bc08d3a409518762b0ca8eb2527aca

    • SSDEEP

      24576:mwxPanDWDAxfy+t4g6cBLi2iYQOlb8T8IU+x:LxPpWTjPJplgTfUw

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.