General
Target: 3efb9eaea8a30b685b67cb06b56b186582f961dcfb88a0c916a6fa84d35f1041.exe
Size: 3.0MB
Sample: 240705-gc1nkswdmd
MD5: 6faa1ca3bbbe30e5bf38bc5538f04980
SHA1: 75e5bb4ed3c2ede0a7227ed4588a014d5ad9f5ec
SHA256: 3efb9eaea8a30b685b67cb06b56b186582f961dcfb88a0c916a6fa84d35f1041
SHA512: 7d916c68981a4ca1eb5ba15ddadfbbc5e5e546b3e57e384710c5ac6f7f9639a472a73b72088964347896357b0ebccbbfe054c661aac4d9c0ba3321c342b2306f
SSDEEP: 49152:kMLeP19bEQBeI0BawEjSghQO+RejCXnTRhApjDRNqAe/l3YvH:9LeP19gQI1BJEjP+RiC3thy4xYP
Static task: static1
Behavioral task: behavioral1
Sample: 3efb9eaea8a30b685b67cb06b56b186582f961dcfb88a0c916a6fa84d35f1041.exe
Resource: win7-20240704-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 3efb9eaea8a30b685b67cb06b56b186582f961dcfb88a0c916a6fa84d35f1041.exe
Modifies firewall policy service

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)