Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
idapro.exe
-
Size
192KB
-
Sample
240814-qm24tsvalh
-
MD5
05d5875e19e172b49adc9d0f04ccae46
-
SHA1
c2f617a38218ed18ac5350416789de87ccfa4606
-
SHA256
c595e3530c8f93a8021ef1e23ce9031c1a989cda64dc9b51e8ee49ceec4e275c
-
SHA512
311cbd9eb728b42122b6d7e44c6a2dd5299c664fda3119e7c88adb12d1e42f9a347d330e1bd5999391c7fa5870a0ce6a712b7274a688c1687d666a04998bf7a8
-
SSDEEP
3072:ga0D9sxuuOcBrBAxIRhepq94PIbBr9r8mJTQSaMm5/6QGC/3Kh4QLs46Wn2O:ganxutqrmxBpwrWlTKh4Qffn2
Static task
static1
Behavioral task
behavioral1
Sample
idapro.exe
Resource
win10v2004-20240802-it
Malware Config
Targets
-
-
Target
idapro.exe
-
Size
192KB
-
MD5
05d5875e19e172b49adc9d0f04ccae46
-
SHA1
c2f617a38218ed18ac5350416789de87ccfa4606
-
SHA256
c595e3530c8f93a8021ef1e23ce9031c1a989cda64dc9b51e8ee49ceec4e275c
-
SHA512
311cbd9eb728b42122b6d7e44c6a2dd5299c664fda3119e7c88adb12d1e42f9a347d330e1bd5999391c7fa5870a0ce6a712b7274a688c1687d666a04998bf7a8
-
SSDEEP
3072:ga0D9sxuuOcBrBAxIRhepq94PIbBr9r8mJTQSaMm5/6QGC/3Kh4QLs46Wn2O:ganxutqrmxBpwrWlTKh4Qffn2
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Drops file in System32 directory
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1