General

  • Target

    Bootstrapper (1).exe

  • Size

    797KB

  • Sample

    240725-12ks7s1cnf

  • MD5

    e17359299ed4ff8eb0bde32bfa679980

  • SHA1

    45638e3899aaae7127793efaa707be5527228834

  • SHA256

    56e72fbff8a833e9dd8ddc3f8b5318f917da54e06694197e9c91c7d69b850f8b

  • SHA512

    87ef968932c44bd7198bb7fb35794e8ee108ecda7d37c9033c32fa31b0239718053c712e1e55cdef79adc6ffb711d9fd0b326d3afe24499eb34dda95e07d049e

  • SSDEEP

    12288:+8Ox5ri65gJbbUjl8C2oAQgjFVfGmc4XqCon9hUpVo34u:HOx5G6IC2oAQgjFVGmHXqlF4u

Score
8/10

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
