Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ee96180fc4ca29c3be3a32228a5ec8e8f078f4666b350fbe169eaf16e1295a6a
-
Size
69KB
-
Sample
240724-e8qr5s1gmb
-
MD5
7198df86cf79eab4008e00b99775f151
-
SHA1
dba78f524773dcc9ce9a58a05f31f48305694372
-
SHA256
ee96180fc4ca29c3be3a32228a5ec8e8f078f4666b350fbe169eaf16e1295a6a
-
SHA512
656c2a26ad14d0180a3c64389e9eb7374c80f7441d338af5703f2a382df3aaf7f30ae29725301d5ffd166791178948b5056b66bae8c4b8d0080da5e27a9e2a73
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8X2:Olg35GTslA5t3/w8G
Malware Config
Targets
-
-
Target
ee96180fc4ca29c3be3a32228a5ec8e8f078f4666b350fbe169eaf16e1295a6a
-
Size
69KB
-
MD5
7198df86cf79eab4008e00b99775f151
-
SHA1
dba78f524773dcc9ce9a58a05f31f48305694372
-
SHA256
ee96180fc4ca29c3be3a32228a5ec8e8f078f4666b350fbe169eaf16e1295a6a
-
SHA512
656c2a26ad14d0180a3c64389e9eb7374c80f7441d338af5703f2a382df3aaf7f30ae29725301d5ffd166791178948b5056b66bae8c4b8d0080da5e27a9e2a73
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8X2:Olg35GTslA5t3/w8G
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1