General

  • Target

    a5cdc8c5ffddfc7d83f2cb92fbaac93bfd7e9cf919f7249ddeb8de93eef777c1

  • Size

    33KB

  • Sample

    240812-a4cmhaxbrn

  • MD5

    232be6ede67aa2a788169289d0de4de4

  • SHA1

    2dad49af3cee9589d3cc2ce4bda038560c7f589e

  • SHA256

    a5cdc8c5ffddfc7d83f2cb92fbaac93bfd7e9cf919f7249ddeb8de93eef777c1

  • SHA512

    7b42484ad1d627bf23d5b1e325e8510b6d7ed6bda9771f8f697697d8a382e66369383f70d13544a6cf728a6a74a8505287b24173d0f9807cb89fb3051403bc54

  • SSDEEP

    768:tQbuQRy2UjmUndnlTttxDn+3jiSkjRY6AB7kKfYoJ+ifBEewzKOb:QuQRylaUDTDxDXjy6AB7koYy2Tb

Malware Config

Targets

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options).

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks