Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Cheat NurSultan.exe

  • Size

    1.3MB

  • Sample

    240701-y222daxdjb

  • MD5

    22b762a6b5b3da61cbf9e1222b8c7bd3

  • SHA1

    e96af3ed20282eec090ba042650c6ed0aee200ef

  • SHA256

    6158c5b45fb9b11f49d6ea84917c3dce8590b8410accb865e346c68f9c619a99

  • SHA512

    68071a50f25693272389995390c0c3d828355402ae52ceabd3cae5f1d2262c0a6f7ece737dbcc44a3fb4093aa7784a71f3bc08d3a409518762b0ca8eb2527aca

  • SSDEEP

    24576:mwxPanDWDAxfy+t4g6cBLi2iYQOlb8T8IU+x:LxPpWTjPJplgTfUw

Malware Config

Targets

    • Target

      Cheat NurSultan.exe

    • Size

      1.3MB

    • MD5

      22b762a6b5b3da61cbf9e1222b8c7bd3

    • SHA1

      e96af3ed20282eec090ba042650c6ed0aee200ef

    • SHA256

      6158c5b45fb9b11f49d6ea84917c3dce8590b8410accb865e346c68f9c619a99

    • SHA512

      68071a50f25693272389995390c0c3d828355402ae52ceabd3cae5f1d2262c0a6f7ece737dbcc44a3fb4093aa7784a71f3bc08d3a409518762b0ca8eb2527aca

    • SSDEEP

      24576:mwxPanDWDAxfy+t4g6cBLi2iYQOlb8T8IU+x:LxPpWTjPJplgTfUw

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks