General
- Target: WriteMiniDump.exe
- Size: 26.6MB
- Sample: 240723-v6x2fa1eqk
- MD5: 15b5b95294faf91ce8bf1ee6016cfdd4
- SHA1: cddfe9f67e7a015cb83a8880a85a5f118c76be36
- SHA256: 88c7c4253fc015a54bd010b5bc10013f21f32675760981096b5ac878e9c0aa17
- SHA512: 7c6a55de219bce8b41f967d8df7fcd2c9f5296981ce94dae2a0fa7c90cea99d0357ed88ed130a8bc891f92a757bc1a6b7a4f71497c375c6ade3cf0403f2f874a
- SSDEEP: 393216:5hRFZuBhX/hERSC8EmDpkI8ti7skydvVWXqHvXBbCeiIre8VBZcAdHYlbyZwVrnN:BFZuHXzCtkl8/7oA8BIre0BjHZwVHxr
Static task
- static1

Behavioral task
- behavioral1
  - Sample: WriteMiniDump.exe
  - Resource: win10v2004-20240709-en

Behavioral task
- behavioral2
  - Sample: WriteMiniDump.exe
  - Resource: win11-20240709-en
Malware Config

Targets
- Target: WriteMiniDump.exe
- Size: 26.6MB
- MD5: 15b5b95294faf91ce8bf1ee6016cfdd4
- SHA1: cddfe9f67e7a015cb83a8880a85a5f118c76be36
- SHA256: 88c7c4253fc015a54bd010b5bc10013f21f32675760981096b5ac878e9c0aa17
- SHA512: 7c6a55de219bce8b41f967d8df7fcd2c9f5296981ce94dae2a0fa7c90cea99d0357ed88ed130a8bc891f92a757bc1a6b7a4f71497c375c6ade3cf0403f2f874a
- SSDEEP: 393216:5hRFZuBhX/hERSC8EmDpkI8ti7skydvVWXqHvXBbCeiIre8VBZcAdHYlbyZwVrnN:BFZuHXzCtkl8/7oA8BIre0BjHZwVHxr
Signatures
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)

Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - SIP and Trust Provider Hijacking (1)