Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ADB.exe
-
Size
1.1MB
-
Sample
240708-3p4fwsveqm
-
MD5
c1f9696650a7965bae37f5237bfcad32
-
SHA1
500f7da087d618a0903639cd59b9ca2ba92a46ba
-
SHA256
155eee426bb4f90b77a11ab86a8d165e01dd4f14109e6a0cd6c64bd0c010fa2a
-
SHA512
ccb525e44129b3e57d47f9803b670ddeb78100581ac5d7a9a5e93a0718861ce700a1cba34a067c916644fb0e177879087574360388702576040e07a865d041bc
-
SSDEEP
24576:2ddFMz0EsyK1V9B0ihaw4NlP5r7i4V3ps78VC9JtsV+n1:2dd6z0isVz0KaP7iYwoUOk
Malware Config
Targets
-
-
Target
ADB.exe
-
Size
1.1MB
-
MD5
c1f9696650a7965bae37f5237bfcad32
-
SHA1
500f7da087d618a0903639cd59b9ca2ba92a46ba
-
SHA256
155eee426bb4f90b77a11ab86a8d165e01dd4f14109e6a0cd6c64bd0c010fa2a
-
SHA512
ccb525e44129b3e57d47f9803b670ddeb78100581ac5d7a9a5e93a0718861ce700a1cba34a067c916644fb0e177879087574360388702576040e07a865d041bc
-
SSDEEP
24576:2ddFMz0EsyK1V9B0ihaw4NlP5r7i4V3ps78VC9JtsV+n1:2dd6z0isVz0KaP7iYwoUOk
Score8/10-
Blocklisted process makes network request
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1