General
Target: Tools 4 Us perfomance Optimizer.rar
Size: 65KB
Sample: 240810-r1h4jsxgne
MD5: 958ef020fe147a7deafd1c2b6481d66c
SHA1: 9d00a0c7271f08683a1d964f12592f8341e00be7
SHA256: 0eab2646e358f1183ed2c6c9796587e6ea5d3d269b2fd390c825fe4e265e6d18
SHA512: 0020928fbd51dce1b0369dbaebe0e424a7d37df232f9c2ebd1b170f69f859a1e3267026e3dd8c8cf0f0539c8b121224bb7bd49bb97623fbf979496d23e8627cf
SSDEEP: 1536:WkYbh3dQD9LYPFDLolGoD/DV/5C2dWB1wCdIV0n:puux2xkltD/DV/5ubwt0
Static task: static1
Behavioral task: behavioral1
Sample: Tools 4 Us perfomance Optimizer/Tools 4 Us Performance Optimizor.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Tools 4 Us perfomance Optimizer/Tools 4 Us Performance Optimizor.exe
Size: 248KB
MD5: 2de633900832b4407c7d42a4062ca841
SHA1: 230c2adc8939b96f122cd6f67bfbaac37c643c3c
SHA256: 89945a42c220dc51b895e91c95ce3538d1efa2ef5037abe0f2ece8381c8df8f5
SHA512: 430bb95be1bfe099ebf563b1b73c1af95bdf5d2b1af62fd2a83c2492c40b7d8564211f246f4407c95ec9fcd65530360006d29c96f7cdba3f52183b2bf0c36f6c
SSDEEP: 3072:3MobR7ezAjLOZvmX1NKQ515FvqwP1goyGPz9:8eR7eammH8iMGb
-
Modifies security service
-
Modifies boot configuration data using bcdedit
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 2
Windows Service: 2
Event Triggered Execution: 1
Image File Execution Options Injection: 1
Power Settings: 1

Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 2
Windows Service: 2
Event Triggered Execution: 1
Image File Execution Options Injection: 1

Defense Evasion
File and Directory Permissions Modification: 2
Windows File and Directory Permissions Modification: 1
Hide Artifacts: 1
Ignore Process Interrupts: 1
Impair Defenses: 3
Disable or Modify Tools: 2
Indicator Removal: 2
Clear Persistence: 1
File Deletion: 1
Modify Registry: 5