Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2bde8a0357a3e9c2202962b1c941198d8389709b1e34abf10b11bdd70fe70060
-
Size
2.6MB
-
Sample
240811-1phs3sthng
-
MD5
9ccb508018835587a848ddaabae897d1
-
SHA1
2d87df0d1599d652e3478bcff975109517bf29c7
-
SHA256
2bde8a0357a3e9c2202962b1c941198d8389709b1e34abf10b11bdd70fe70060
-
SHA512
3dd58ce8f7eb8b95dcb322b9d4059176dbd77617f56a00bb40608900805f03d5adea506727501f9f0862ea54004aac67905d18103514efd29f583559f89814be
-
SSDEEP
12288:HSprXDGV/9Ji6mqUuGybDagMKaA8SFaL4OcDb70:FleZ8bahA8KVb70
Malware Config
Targets
-
-
Target
2bde8a0357a3e9c2202962b1c941198d8389709b1e34abf10b11bdd70fe70060
-
Size
2.6MB
-
MD5
9ccb508018835587a848ddaabae897d1
-
SHA1
2d87df0d1599d652e3478bcff975109517bf29c7
-
SHA256
2bde8a0357a3e9c2202962b1c941198d8389709b1e34abf10b11bdd70fe70060
-
SHA512
3dd58ce8f7eb8b95dcb322b9d4059176dbd77617f56a00bb40608900805f03d5adea506727501f9f0862ea54004aac67905d18103514efd29f583559f89814be
-
SSDEEP
12288:HSprXDGV/9Ji6mqUuGybDagMKaA8SFaL4OcDb70:FleZ8bahA8KVb70
Score10/10-
UAC bypass
-
Windows security bypass
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Windows security modification
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
4