Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
idapro.exe
-
Size
327KB
-
Sample
240814-s6jgyazgqb
-
MD5
0ed74836af595a75d959e703e98f3735
-
SHA1
f48fe1347528b1bcc210a90c60e93300ddfb1c31
-
SHA256
3b14f10b8cd5c55d405785829bf2e8e4917fe1ac432ec0a376b2b4621314686c
-
SHA512
dd5bb6e6c2674b8b2de6b22c0f7cc051303592d0fd50e14c8452988646760c907c9650e5b7ab594027e01faa9216f2b865b5ab015f34d92e62d51373f8152fbe
-
SSDEEP
6144:UsLqdufVUNDa+anxutqrmxBpwrWlTKh4Qffn2n:PFUNDa+axuS+waZ84
Malware Config
Targets
-
-
Target
idapro.exe
-
Size
327KB
-
MD5
0ed74836af595a75d959e703e98f3735
-
SHA1
f48fe1347528b1bcc210a90c60e93300ddfb1c31
-
SHA256
3b14f10b8cd5c55d405785829bf2e8e4917fe1ac432ec0a376b2b4621314686c
-
SHA512
dd5bb6e6c2674b8b2de6b22c0f7cc051303592d0fd50e14c8452988646760c907c9650e5b7ab594027e01faa9216f2b865b5ab015f34d92e62d51373f8152fbe
-
SSDEEP
6144:UsLqdufVUNDa+anxutqrmxBpwrWlTKh4Qffn2n:PFUNDa+axuS+waZ84
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Downloads MZ/PE file
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2