Resubmissions

  • 06/07/2024, 19:34: 240706-yaglcs1emn (score 10)

  • 06/07/2024, 19:29: 240706-x7jasa1drl (score 10)

  • 06/07/2024, 19:22: 240706-x29wjs1dmq (score 8)

General

  • Target

    https://archive.org/details/malware-pack-2

  • Sample

    240706-x7jasa1drl

Malware Config

Extracted

  • Language: hta

  • Source: hta.dropper

  • URLs:

    http://93.115.82.248/?0=1&1=1&2=9&3=i&4=9200&5=1&6=1111&7=sdkrocqnop

Targets

    • Target

      https://archive.org/details/malware-pack-2

    • Modifies WinLogon for persistence

    • UAC bypass

    • Blocklisted process makes network request

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks