General
- Target: CleanupTool.exe
- Size: 6.6MB
- Sample: 240720-gyy2wazcml
- MD5: 01055d7b175ece6a0c846b7aeb3afb1c
- SHA1: d2876eb4aaac6cf4cc90aa4194d12187a627c850
- SHA256: 54e0d5432537529d082865d7b1d2b3f3db14f80124414a672fb72a4569cf0ce8
- SHA512: 3caa6365447f45275ca1a07167e0d29f5302b28e100b62eb9460a1abb96605fa356898e73d2460c6be835e798d23adfa6e240172f2d38adf5a8083607c47ea51
- SSDEEP: 196608:D9kdARgI+eX1ItAW7pDTAJi195DEguI7iVjoN:D9kcV+eX01wi1/ZmUN
Static task
- static1
Behavioral task
- behavioral1: sample CleanupTool.exe, resource win7-20240704-en
Behavioral task
- behavioral2: sample CleanupTool.exe, resource win10v2004-20240709-en
Malware Config
Targets
- Target: CleanupTool.exe
- Size: 6.6MB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Score: 8/10
- Drops file in Drivers directory
- Modifies file permissions
- Adds Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Active Setup components live under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}; a StubPath value there is executed once per user at logon, so it survives sweeps that only look at the Run keys.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
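The report records that the sample wrote a Run key and an Active Setup component during detonation. The script below is an added example, not part of the tria.ge report and not code from the sample: it audits those two autostart locations on a host under investigation and flags entries whose executable sits outside the usual install directories or does not carry a valid Authenticode signature. It assumes an elevated PowerShell session on the host; the "trusted prefix" list is a heuristic chosen for this example, and the HKCU roots cover only the current user.

```powershell
# Added example (not part of the tria.ge report and not code from the sample):
# enumerate Active Setup components and Run/RunOnce keys and flag entries that
# point outside the usual install directories or fail Authenticode verification.
# Assumptions: elevated PowerShell on the host under investigation; the
# trusted-prefix list is a heuristic for this example, not a Triage rule.

$ActiveSetupRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
$RunKeyRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Where legitimate autostart binaries normally live (heuristic). Anything in a
# user profile, ProgramData, temp or the drivers directory deserves a look.
$TrustedPrefixes = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")

function Get-CommandPath {
    # Pull the executable path out of a command line, quoted or not, and expand %VARS%.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $exe = if ($Command.StartsWith('"')) { ($Command -split '"')[1] } else { ($Command -split ' ')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-TrustedPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    foreach ($prefix in $TrustedPrefixes) {
        if ($Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SignatureStatus {
    param([string]$Path)
    if (-not $Path) { return 'NoPath' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'Missing' }   # dangling entry: the file is gone
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    if ($sig) { return $sig.Status.ToString() } else { return 'Unknown' }
}

function New-AutostartRecord {
    param([string]$Source, [string]$Key, [string]$Name, [string]$Command, [string]$Note)
    $exe = Get-CommandPath $Command
    [pscustomobject]@{
        Source    = $Source
        Key       = $Key
        Name      = $Name
        Command   = $Command
        Trusted   = Test-TrustedPath $exe
        Signature = Get-SignatureStatus $exe
        Note      = $Note
    }
}

function Get-ActiveSetupEntries {
    foreach ($root in $ActiveSetupRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($k in Get-ChildItem $root) {
            $stub = $k.GetValue('StubPath')
            if (-not $stub) { continue }   # components without a StubPath execute nothing
            # Active Setup runs the StubPath once per user; the HKCU copy of the
            # GUID records that it has already fired for the current user.
            $ran = Test-Path "HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components\$($k.PSChildName)"
            $note = if ($ran) { 'already ran for current user' } else { 'not yet run for current user' }
            New-AutostartRecord -Source 'ActiveSetup' -Key "$root\$($k.PSChildName)" `
                -Name ($k.GetValue('')) -Command $stub -Note $note
        }
    }
}

function Get-RunKeyEntries {
    foreach ($root in $RunKeyRoots) {
        if (-not (Test-Path $root)) { continue }
        $item = Get-Item $root
        foreach ($name in $item.GetValueNames()) {
            New-AutostartRecord -Source 'RunKey' -Key $root -Name $name `
                -Command ($item.GetValue($name)) -Note ''
        }
    }
}

$entries = @(Get-ActiveSetupEntries) + @(Get-RunKeyEntries)
# Untrusted locations and anything other than a 'Valid' signature sort to the top.
$entries | Sort-Object Trusted, Signature |
    Format-Table Source, Name, Trusted, Signature, Command, Note -AutoSize -Wrap
```

The Triage signatures record the registry writes at detonation time; this audit shows the resulting state on a host, including whether an Active Setup component has already fired for the logged-on user. To cover other users, load their NTUSER.DAT hives and repeat the HKCU checks against them.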
MITRE ATT&CK Enterprise v15
(numbers in parentheses are the hit counts shown on the report)
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- System Services (1)
  - Service Execution (1)
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (1)
- Modify Registry (3)