General
Target: 005ff49678b8be60267bb5f5839b2100N.exe
Size: 120KB
Sample: 240713-rb18tswamh
MD5: 005ff49678b8be60267bb5f5839b2100
SHA1: 76bd0b1c9a7c7c3fc003ea2332dc359f7bd1d3e4
SHA256: 4d10371e623bc09f84a9dd08e70a79a8f7d83bf36d5013710daeb303df80e84e
SHA512: 60af9d5eb18bbd99b195d691e41b259a8385516837f78d649b78b1778ca9615f465ee90edbf5117ff8520bdc06ef8d54d770063a8d6f25e6af475ca7375607d3
SSDEEP: 1536:2l7TsJfHTfgA25aeJLSTKPDFI7v5mnKT5QHHsqfJQ17U7PGz3gBpc00rf4DMqj6D:uTAzr2UnKby7v6KlQn5C1uP43Oiizkb
Static task: static1
Behavioral task: behavioral1
Sample: 005ff49678b8be60267bb5f5839b2100N.dll
Resource: win7-20240708-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 005ff49678b8be60267bb5f5839b2100N.exe
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 4
    Disable or Modify System Firewall: 1
    Disable or Modify Tools: 3
  Modify Registry: 5