General

  • Target

    PermSpoofer.exe

  • Size

    669KB

  • Sample

    240812-cakgcszcpr

  • MD5

    8eb70959830bbe2a7d2fff2d1a361a8f

  • SHA1

    09f115500da658766c31588c0beaa9b96b99f645

  • SHA256

    b44edf50616943f8a2b94e5ca860ccf5f628db03c2bd0e3bec341539f1bbe0ca

  • SHA512

    872838a53c90ccf2fbfd2b1429ed0a8066dfc5fe761a44ba0647ecbcced8ca9fe7f1620f9fede0bafcdadc7d6ec05e4146121f76a5882b830cbe1ef4ef08f78d

  • SSDEEP

    12288:uL9TxTU252j76IdIEjmo1LtnMqE51S9VWqjD:CTUq2vOEjmohtMqy9sD

Targets

    • Target

      PermSpoofer.exe

    • Downloads MZ/PE file

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Loads dropped DLL

    • Drops file in System32 directory