Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions

Submitted            Analysis ID         Score
06/08/2024, 18:34    240806-w74q2szfrg   1
06/08/2024, 18:34    240806-w7wqfazfre   4
06/08/2024, 18:33    240806-w7lv8szfrb   3
06/08/2024, 18:32    240806-w6ltvazfqa   8
06/08/2024, 18:31    240806-w5952szfpd   3
06/08/2024, 18:29    240806-w5c6bazfmf   8
06/08/2024, 18:17    240806-wxa1zswdlm   10
06/08/2024, 18:16    240806-wwsjmszdkf   3
06/08/2024, 18:15    240806-wvxrzazcre   4
06/08/2024, 18:12    240806-ws6xvszcmd   8

General
Target: https://download2339.mediafire.com/s7wz84q67jagLz1e-SoTTsvxb-whPzStMkiFdvMm-vbPetC59GD6ICf1x9TDdReEM-cvpMMdVdK8NJPm8Jrv0A1SIeKtdr2SQp_hRQTw2axEFvAncHVLw8-8bbor6oi0Uhuu1PuxluVPcNgK-ITWjDHyOVzOFWGvI-1etXiu9gO7cFc/jmxcdbcpk7ml8ts/RB_scri%27%2B%27pt_install_x64_x32bit.7z
Sample: 240806-ws6xvszcmd

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: the Target URL above
  Resource: win10v2004-20240802-en

Malware Config
Targets

Target: the Target URL above
Score: 8/10

- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)