General

  • Target

    63679243c47c8c9690b42098778611c0N.exe

  • Size

    21KB

  • Sample

    240720-h38bsasalp

  • MD5

    63679243c47c8c9690b42098778611c0

  • SHA1

    ec59c9fc2e5a18114f0abde2e3ea99510897a56b

  • SHA256

    8ac15f82a2bb641c962e25e2d50c83697a544218b80da5e4378b8f6ad4f86dc2

  • SHA512

    f8385fa201d92443675dce1efcab89b824544abc4663152717c1765d023b79310495f2dd0f467a238be2aa6144915120d54d4079d125c7335c67d8ded8748a54

  • SSDEEP

    384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvX6S3k5i:rRkiLw3HsDSARGG/qS3yi

Targets

    • Target

      63679243c47c8c9690b42098778611c0N.exe

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Modifies WinLogon

    • Drops file in System32 directory
