General
- Target: ematweak.rar
- Size: 25.9MB
- Sample: 240814-hf73hatalq
- MD5: 9e1fab29823d9d9d7f288504439b4cd4
- SHA1: 07c09b6de043ad83a34a5d2dcbe546f4f05238ac
- SHA256: 0849cf54e5d72b0dfd92270b128f7e112a0261cba63743f39550c65091000c86
- SHA512: ffcb4ef49d993980e2de7db57bfdac147e88d3dea426ab4b93be2f0247ae76e514c5c30c0ec11c529071f0564d2c53cd1930f5e5e1855b7f81cc31b0b6061785
- SSDEEP: 786432:aT/cFn347IgrdJPTpvRprEDgjhS1/irta:+/Q3atbVvRpQgjU5irk
Behavioral task
- behavioral1
  - Sample: demo32.exe
  - Resource: win10-20240404-en
Malware Config

Targets

Target: demo32.bin
- Size: 26.9MB
- MD5: 11a06ae6f2ac98a31bf96baf70f19e69
- SHA1: 83cc819078991e8483e969227c2f655080aa1791
- SHA256: baf3935f11869032513ca43e064a59c9815d28ea929216ade6d6b69a371d87bb
- SHA512: 8b20773bd1c52e4d79b0c498917d59d2ea6ce01410ed66e2c0d6666ba1e69b28f4f86f050a6c2e815531b8c8550b3cfac65dc1236d2bfa75a3daf1af3d5e12d1
- SSDEEP: 786432:uYQbLLeJ9gPQ71QtI2Yh58W81RIfgR3Vg8:dQiJ98miI3WWO5Fg

Signatures for demo32.bin:
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of the web browser credential store.
- Drops startup file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory

Target: fivemtweak.bat
- Size: 548KB
- MD5: 1ff976a56a8f8c228c564c9e4ed56f58
- SHA1: c42110ccb1f31b25ad51efe0074e329244a92c88
- SHA256: 170349b2cd4958e167d9fbf4d4e15d92fc781ec6d026d9786c0d44bf64b73c89
- SHA512: add974c01950607090825b15e32f97d1a2b9309cc89ebb33c6d60399bb8996e8c61267db1d052cbd107dcd0f7c906534e270dce16b6138636da3cfc3b93998ef
- SSDEEP: 1536:VzyurPOwnlmDbChbCFACzACLWbwP+yVdhH7pHDh6dE2m02NkTVLWjr+IU:llr8bmbkAqA2bH7VdkEG1VLkr+IU

Signatures for fivemtweak.bat:
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of the web browser credential store.
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)