General
Target: 0c66314ec91c984c11bd4780c569c2e9.bin
Size: 2.9MB
Sample: 240720-bdc11ssfqg
MD5: 68b1e4817f504d846b3f0f0f08f2b9bd
SHA1: d1b9d43e090786df9e884e03a392c42152f42ad7
SHA256: 57a7ebc992cbd4c1ca63cea6a1ae7d34534fd0b8ebd6b636b28c5d6d8d78bdb0
SHA512: bf77e53100bce6630df88fda6e8053e4e3a2c52bdec6bd9789622b96c7bc3d7ae815c11e84e2cd33c8423de69122210057408d5eec0d554dcd61a199623bea6b
SSDEEP: 49152:62Ixv/EA/iEZMfV1MkL3Vv3GY4+nSIr0ukV0Ho/eXa4pVGttXrSFufFclf5ZcmM:62I/EA6EafV6i/GFd9V0HoGXcrSo9OgL
Note: the submitted .bin has its own hashes; the file that the behavioral tasks actually ran is the MSI listed under Targets below, whose MD5 (0c66314ec91c984c11bd4780c569c2e9) is the .bin's file name.
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: c729bd033e705a2fddd3591c1e52a48932aeef628f6f63f460e56bfffe39c3ab.msi
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c729bd033e705a2fddd3591c1e52a48932aeef628f6f63f460e56bfffe39c3ab.msi
  Resource: win10v2004-20240709-en
Malware Config: none listed
Targets
Target: c729bd033e705a2fddd3591c1e52a48932aeef628f6f63f460e56bfffe39c3ab.msi
Size: 3.0MB
MD5: 0c66314ec91c984c11bd4780c569c2e9
SHA1: cac715cac7fae53975445b7ddc7791d06ed276ee
SHA256: c729bd033e705a2fddd3591c1e52a48932aeef628f6f63f460e56bfffe39c3ab
SHA512: 79636dfddf19f4840ad08f1a7d9f4bc3c565aa569e28ba2b8ca1efebde05ddb40386c3f84b88028a62479270d036315b488500488cc9945db7c22280e4b36353
SSDEEP: 49152:0HxABHFIZIhHjCGODHqLZ93GaBk2vHhCuh8mou5koD2U1l5x38tMfXTFv3dca7vL:DukHsqfGSkYBCuh8mouDb1ln8sXT53dT
Signatures
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Event Triggered Execution: Image File Execution Options Injection
Checks computer location settings
  Looks up the country code configured in the registry, most likely a geofence check.
Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
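The Active Setup, IFEO, COM-hijacking and location-check signatures above each point at a fixed registry location. As an added host-audit example (this is not code from the Triage report or from the sample), the following PowerShell script enumerates those locations on an endpoint so an analyst can look for the same footprints. It assumes an elevated session; the `Add-Finding` helper and the `$findings` list are this example's own names, and the paths are the standard Windows keys, not anything recovered from the sample.

```powershell
# Added host-audit example (not code from the Triage report or the sample).
# Enumerates the registry locations behind the report's persistence and
# geofence signatures. Run from an elevated PowerShell session on the host.
# Only well-known Windows locations are read; nothing comes from the sample.

$findings = New-Object System.Collections.Generic.List[object]

# Helper for this example: collect one row per observation.
function Add-Finding {
    param([string]$Technique, [string]$Key, [string]$Value)
    $findings.Add([pscustomobject]@{ Technique = $Technique; Key = $Key; Value = $Value })
}

# 1. Active Setup (T1547.014): each component with a StubPath is executed once
#    per user at logon (HKLM) or for the current user only (HKCU).
foreach ($hive in 'HKLM:', 'HKCU:') {
    $root = "$hive\SOFTWARE\Microsoft\Active Setup\Installed Components"
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub) { Add-Finding 'Active Setup' $_.Name $stub }
    }
}

# 2. IFEO injection (T1546.012): a Debugger value makes Windows launch that
#    program instead of the named image; SilentProcessExit\<image>\MonitorProcess
#    runs a program when the image exits. Native and WOW64 views are both checked.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($root in $ifeoRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { Add-Finding 'IFEO Debugger' $_.Name $dbg }
    }
    Get-ChildItem -Path "$root\SilentProcessExit" -ErrorAction SilentlyContinue | ForEach-Object {
        $mon = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).MonitorProcess
        if ($mon) { Add-Finding 'IFEO SilentProcessExit' $_.Name $mon }
    }
}

# 3. COM hijacking (T1546.015): for a non-elevated process HKCU\Software\Classes
#    is consulted before HKLM, so a per-user server registration that shadows a
#    machine-wide CLSID is the classic hijack footprint.
Get-ChildItem -Path 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    foreach ($server in 'InprocServer32', 'LocalServer32') {
        $serverKey = Join-Path -Path $_.PSPath -ChildPath $server
        if (Test-Path -Path $serverKey) {
            $target  = (Get-ItemProperty -Path $serverKey).'(default)'
            $shadows = Test-Path -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
            Add-Finding "COM $server" "HKCU\Software\Classes\CLSID\$clsid" "$target (shadows HKLM: $shadows)"
        }
    }
}

# 4. Location check: the country setting behind "Checks computer location
#    settings" lives under HKCU\Control Panel\International\Geo (Nation is the
#    numeric GeoID; Name, where present, is the two-letter country code).
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
Add-Finding 'Geo lookup' 'HKCU\Control Panel\International\Geo' "Nation=$($geo.Nation) Name=$($geo.Name)"

$findings | Sort-Object Technique | Format-Table -AutoSize -Wrap
```

Active Setup and IFEO both carry legitimate entries (Windows components, vendor debuggers and installers), so the output is a worklist, not a verdict: diff it against a known-good baseline, or start with StubPath, Debugger and COM server values that resolve outside %SystemRoot% and Program Files. The drive-enumeration signature is runtime behaviour with no registry footprint, so it is not covered here.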
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Active Setup (1)
  Event Triggered Execution (3)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Installer Packages (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Active Setup (1)
  Event Triggered Execution (3)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Installer Packages (1)