General

  • Target: SetupMBAM.exe
  • Size: 261.5MB
  • Sample: 240805-tz6vbswala
  • MD5: 98d22b94ba9bd9f5ade2a46fcc55d91b
  • SHA1: 2f079d4fa2764cc4c769143be93f0305a07d920c
  • SHA256: 2297bee34b1751b2ca0f20b6625bf822b3837a70f6f2b456278fba92a7188e0e
  • SHA512: 4b0e15bf15f24ab15df27f178dec2e160e5acf70962a857ca0f7dd3c8b40f7817e5257fa9dc009ac477911e4dc616129a824d250601b97e51ef55faba6b2fa3f
  • SSDEEP: 6291456:2s67aozPfjFufVrr70zgAKOU2cPSdYdcnUBp:2sidzPkdrrwMoPfadcUBp

Malware Config

Targets

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile contents.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks