General
- Target: Cheat NurSultan.exe
- Size: 1.3MB
- Sample: 240701-y222daxdjb
- MD5: 22b762a6b5b3da61cbf9e1222b8c7bd3
- SHA1: e96af3ed20282eec090ba042650c6ed0aee200ef
- SHA256: 6158c5b45fb9b11f49d6ea84917c3dce8590b8410accb865e346c68f9c619a99
- SHA512: 68071a50f25693272389995390c0c3d828355402ae52ceabd3cae5f1d2262c0a6f7ece737dbcc44a3fb4093aa7784a71f3bc08d3a409518762b0ca8eb2527aca
- SSDEEP: 24576:mwxPanDWDAxfy+t4g6cBLi2iYQOlb8T8IU+x:LxPpWTjPJplgTfUw
Static task
- static1
Behavioral tasks
- behavioral1: Sample: Cheat NurSultan.exe; Resource: win7-20240508-en
- behavioral2: Sample: Cheat NurSultan.exe; Resource: win10-20240404-en
- behavioral3: Sample: Cheat NurSultan.exe; Resource: win10v2004-20240508-en
- behavioral4: Sample: Cheat NurSultan.exe; Resource: win11-20240508-en
Malware Config
Targets
- Target: Cheat NurSultan.exe
- Size: 1.3MB
Score: 10/10
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- System Services (1): Launchctl (1)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Image File Execution Options Injection (1)
- Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Image File Execution Options Injection (1)