General

  • Target: DeadSecRootKit.exe
  • Size: 151KB
  • Sample: 240709-12yp3azhnf
  • MD5: b8479a23c22cf6fc456e197939284069
  • SHA1: b2d98cc291f16192a46f363d007e012d45c63300
  • SHA256: 18294ee5a6383a48d1bcf2703f17d815529df3a17580e027c3efea1800900e8f
  • SHA512: 786cd468ce3723516dc869b09e008ec5d35d1f0c1a61e70083a3be15180866be637bd7d8665c2f0218c56875a0ee597c277e088f77dd403bdd2182d06bad3bd4
  • SSDEEP: 3072:9QpsyzjtpfkzW/7F/ix/ApwXnDLn10FbxYSC/B9KIZb29b/HvX:9QpsyzjtpfOW/7FO/AKL10FbmlBoIYRn

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
