Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a5cdc8c5ffddfc7d83f2cb92fbaac93bfd7e9cf919f7249ddeb8de93eef777c1
-
Size
33KB
-
Sample
240812-a4cmhaxbrn
-
MD5
232be6ede67aa2a788169289d0de4de4
-
SHA1
2dad49af3cee9589d3cc2ce4bda038560c7f589e
-
SHA256
a5cdc8c5ffddfc7d83f2cb92fbaac93bfd7e9cf919f7249ddeb8de93eef777c1
-
SHA512
7b42484ad1d627bf23d5b1e325e8510b6d7ed6bda9771f8f697697d8a382e66369383f70d13544a6cf728a6a74a8505287b24173d0f9807cb89fb3051403bc54
-
SSDEEP
768:tQbuQRy2UjmUndnlTttxDn+3jiSkjRY6AB7kKfYoJ+ifBEewzKOb:QuQRylaUDTDxDXjy6AB7koYy2Tb
Malware Config
Targets
-
-
Target
a5cdc8c5ffddfc7d83f2cb92fbaac93bfd7e9cf919f7249ddeb8de93eef777c1
-
Size
33KB
-
MD5
232be6ede67aa2a788169289d0de4de4
-
SHA1
2dad49af3cee9589d3cc2ce4bda038560c7f589e
-
SHA256
a5cdc8c5ffddfc7d83f2cb92fbaac93bfd7e9cf919f7249ddeb8de93eef777c1
-
SHA512
7b42484ad1d627bf23d5b1e325e8510b6d7ed6bda9771f8f697697d8a382e66369383f70d13544a6cf728a6a74a8505287b24173d0f9807cb89fb3051403bc54
-
SSDEEP
768:tQbuQRy2UjmUndnlTttxDn+3jiSkjRY6AB7kKfYoJ+ifBEewzKOb:QuQRylaUDTDxDXjy6AB7koYy2Tb
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1