Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: ProduKey.exe
- Size: 208KB
- Sample: 240813-f7t9ls1gjj
- MD5: a5660d680fcd5cdf351132685a0e5f14
- SHA1: 740d45572660c5c54b19a55e44ca0ff038a6d82e
- SHA256: 6cf9dbed273e35c0719ef691074ec6d84e6a89e5f9674120eec757a501e8564c
- SHA512: ac442f0d72ef17ed11c4ff3c3462ac85a50adccbe226243b53e295854ab3114745a9ad9985e4977641bb0cf9c117a418209d32f5d52e4d475573ad4330911df4
- SSDEEP: 6144:CNQFpS3n65DynQtQr6dvYzQCbXAGOPzD7CAVvTWG:CNQ3cn6hyQtQr6dvYEUXAXPHO2vTWG

Static task: static1
Behavioral task: behavioral1
- Sample: ProduKey.exe
- Resource: win7-20240729-en
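The digests above are the only reliable link between this report and a file on your own disk. The following script is an added example, not part of the tria.ge report: it recomputes MD5, SHA1, SHA256 and SHA512 for a local file and compares them with the values listed under General. SSDEEP is a fuzzy hash that needs the third-party ssdeep module, so it is deliberately left out; a match from this script therefore means a byte-for-byte identical file, nothing weaker. The file path on the command line is the only input and is assumed.

```python
"""Verify that a local file is the sample described in this report.

Added example, not part of the tria.ge report: recomputes MD5, SHA1, SHA256
and SHA512 of a file and compares them with the digests listed under General.
Files are hashed in chunks so a large sample never has to fit in memory.
"""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the General section of this report.
REPORT_HASHES = {
    "md5": "a5660d680fcd5cdf351132685a0e5f14",
    "sha1": "740d45572660c5c54b19a55e44ca0ff038a6d82e",
    "sha256": "6cf9dbed273e35c0719ef691074ec6d84e6a89e5f9674120eec757a501e8564c",
    "sha512": "ac442f0d72ef17ed11c4ff3c3462ac85a50adccbe226243b53e295854ab31147"
              "45a9ad9985e4977641bb0cf9c117a418209d32f5d52e4d475573ad4330911df4",
}


def _hexdigests(chunks):
    """Feed every chunk to all four hashers in a single pass; return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Digests of an in-memory buffer (small files, tests)."""
    return _hexdigests([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digests of a file on disk, read in chunk_size pieces."""
    with open(path, "rb") as fh:
        return _hexdigests(iter(lambda: fh.read(chunk_size), b""))


def compare_hashes(observed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm result; hex case is ignored, a missing digest is a mismatch."""
    return {
        name: observed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def matches_report(observed: dict, expected: dict = REPORT_HASHES) -> bool:
    """True only when every digest the report lists is reproduced."""
    return all(compare_hashes(observed, expected).values())


if __name__ == "__main__":
    # usage: python verify_sample.py path/to/ProduKey.exe   (path is assumed)
    observed = digest_file(sys.argv[1])
    for name, ok in compare_hashes(observed).items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}  {observed[name]}")
    sys.exit(0 if matches_report(observed) else 1)
```

All four digests are checked rather than just SHA256 so that a report whose hashes were copied inconsistently shows up as a partial mismatch instead of a silent pass.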
Malware Config
Targets
- Target: ProduKey.exe
- Size: 208KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the digests listed under General above
Signatures
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copying of, a web browser credential store.
- Modifies Windows Firewall
- Office macro that triggers on suspicious action. Office document macro that only runs under particular conditions; often malicious.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.

Two things to check in the raw behavioral events before drawing conclusions from this list. The sample is a bare executable, so an Office-macro signature firing here should be traced back to the concrete event that triggered it. And the file name matches NirSoft's ProduKey, a product-key recovery utility that antivirus products routinely classify as a hacktool; a file name proves nothing, so compare the digests above with the ones the vendor publishes before treating the sample as the legitimate tool.
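The signature descriptions above say what each rule looks for but not how it is evaluated. The script below is an added example, not tria.ge's own detection logic: it expresses those descriptions as rules over a stream of behavioral events, including the stateful correlation that the two "dropped" signatures need (a file the sample itself wrote, followed by execution or image load of that same path). The event format (dicts with an "op", a "path" and optionally a "cmdline") and the SAMPLE_EVENTS are constructed for the demo. The registry keys and browser profile paths are the well-known locations each technique touches, not details taken from this report, and they are simplified; production rules cover more browsers and more key variants.

```python
"""Map raw sandbox events to the signatures listed in this report.

Added example, not tria.ge's detection logic. Event format and sample events
are constructed; matched paths are the standard locations for each technique.
"""
import re
from collections import defaultdict

# Registry paths, matched case-insensitively against the full key path.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(\\|$)", re.I)
FIREWALL_POLICY_KEY = re.compile(r"\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\", re.I)
NETSH_HELPER_KEY = re.compile(r"\\SOFTWARE\\MICROSOFT\\NETSH(\\|$)", re.I)
# Chromium "Login Data" and Firefox logins.json/key4.db hold saved web credentials.
BROWSER_CRED_STORE = re.compile(
    r"\\(Google\\Chrome\\User Data\\.*\\Login Data|Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db))$", re.I)
NETSH_FIREWALL_CMD = re.compile(r"\bnetsh(\.exe)?\b.*\b(adv)?firewall\b", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
PE_EXTENSIONS = (".exe", ".dll")


def classify_events(events):
    """Return {signature: [indexes of matching events]} for the report's signatures.

    Stateless rules are a single path or command-line match. The two "dropped"
    signatures remember PE files the sample wrote and fire only on a later
    execution or image load of that same path, which separates a dropper from
    a program that merely loads system DLLs.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths of PE files written by the sample
    for i, ev in enumerate(events):
        op = ev.get("op")
        path = ev.get("path", "")
        key = path.lower()
        if op == "RegQueryValue" and UNINSTALL_KEY.search(path):
            hits["Checks installed software on the system"].append(i)
        if op == "RegSetValue" and FIREWALL_POLICY_KEY.search(path):
            hits["Modifies Windows Firewall"].append(i)
        if op == "CreateProcess" and NETSH_FIREWALL_CMD.search(ev.get("cmdline", "")):
            hits["Modifies Windows Firewall"].append(i)
        if op == "RegSetValue" and NETSH_HELPER_KEY.search(path):
            hits["Netsh Helper DLL (T1546.007)"].append(i)
        if op == "FileOpen":
            root = DRIVE_ROOT.match(path)
            if root and root.group(1).upper() != "C":
                hits["Enumerates connected drives"].append(i)
            if BROWSER_CRED_STORE.search(path):
                hits["Credentials from Web Browsers"].append(i)
        if op == "FileWrite" and key.endswith(PE_EXTENSIONS):
            dropped.add(key)
        if op == "CreateProcess" and key in dropped:
            hits["Executes dropped EXE"].append(i)
        if op == "ImageLoad" and key in dropped:
            hits["Loads dropped DLL"].append(i)
    return dict(hits)


# Constructed event stream for the demo; not taken from the report.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"op": "RegQueryValue", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
    {"op": "FileOpen", "path": "D:\\"},
    {"op": "FileOpen", "path": "C:\\"},  # default drive, not a hit
    {"op": "FileOpen", "path": r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "FileWrite", "path": r"C:\Users\admin\AppData\Local\Temp\helper.dll"},
    {"op": "ImageLoad", "path": r"C:\Users\admin\AppData\Local\Temp\helper.dll"},
    {"op": "ImageLoad", "path": r"C:\Windows\System32\kernel32.dll"},  # system DLL, not dropped
    {"op": "CreateProcess", "path": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="C:\\svc.exe"'},
    {"op": "RegSetValue", "path": r"HKLM\SOFTWARE\Microsoft\Netsh\helper"},
]

if __name__ == "__main__":
    for signature, indexes in sorted(classify_events(SAMPLE_EVENTS).items()):
        print(f"{signature}: events {indexes}")
```

Each rule is an independent `if`, so one event can satisfy several signatures; the ordering of the `FileWrite` rule before the `CreateProcess` and `ImageLoad` rules is what makes a write-then-execute sequence in a single event list resolve correctly.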
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Event Triggered Execution (1): Netsh Helper DLL, T1546.007 (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Event Triggered Execution (1): Netsh Helper DLL, T1546.007 (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers, T1555.003 (1)
- Unsecured Credentials (1): Credentials In Files, T1552.001 (1)