General

  • Target

    AdobeReader 10.exe

  • Size

    45.7MB

  • Sample

    240816-24ntbashke

  • MD5

    4b2f2dd39efca7ab7d69ad6735a26ffc

  • SHA1

    3d5b75ae4bd60262aaacfb35c852e31dd8ade37f

  • SHA256

    666859e6c3724513d033e3197dc7efb8736f690eb15603210813a9e5b761d2c7

  • SHA512

    56b6554f24746f18d742f962f6635649318d0dfaff399853814e4fff22efe9f141eb3bb6455f240fdd9e5eeebf324b0771e3dab3b0b0e18a193180b395fcdfb4

  • SSDEEP

    786432:nUKocG8JHLygNDq4dIQO6kOm256ddCpTe50HWS3Burn0AwdokgFLSw3:RocfLtNDMQDYBXEe0HWJ0A17Sk

Malware Config

Targets

    • Target

      AdobeReader 10.exe

    • Event Triggered Execution: Image File Execution Options Injection (T1546.012)

      Writes a Debugger value under an Image File Execution Options subkey, so Windows starts that "debugger" in place of the named executable whenever it is launched.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: Clear Persistence (T1070.009)

      Deletes Image File Execution Options (IFEO) registry entries, undoing the IFEO injection recorded above.

    • Installs/modifies Browser Helper Object (T1176)

      BHOs are DLL modules that Internet Explorer loads as plugins; they are registered as CLSID subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, with the DLL path in the CLSID's InprocServer32 value.

    • Drops file in System32 directory
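
As an added check (not part of the tria.ge report and not derived from the sample itself), the following read-only PowerShell pass hunts a Windows host for the persistence artifacts the signatures above describe: IFEO Debugger values, Run/RunOnce entries and Browser Helper Objects. The registry paths are the documented locations for those mechanisms; the temp/AppData heuristic in the last step is an assumption of the example, chosen to surface the "executes dropped EXE" pattern. Run it from an elevated prompt so the HKLM keys are fully readable.

```powershell
# Added triage example, not code from the tria.ge report or the sample.
# Read-only: enumerates registry persistence points and prints findings.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Type, [string]$Key, [string]$Name, [string]$Value) {
    $findings.Add([pscustomobject]@{ Type = $Type; Key = $Key; Name = $Name; Value = $Value })
}

# Native view plus the 32-bit (WOW6432Node) view on 64-bit hosts.
$views = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node')

# 1. IFEO injection (T1546.012): a Debugger value under
#    ...\Image File Execution Options\<exe> makes Windows launch that "debugger"
#    instead of <exe>. Rare on production hosts outside developer tooling.
foreach ($view in $views) {
    $ifeo = Join-Path $view 'Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    if (Test-Path $ifeo) {
        foreach ($sub in Get-ChildItem $ifeo) {
            $dbg = (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).Debugger
            if ($dbg) { Add-Finding 'IFEO' $sub.PSChildName 'Debugger' $dbg }
        }
    }
    # SilentProcessExit\<exe>\MonitorProcess is the sibling mechanism: a binary
    # started whenever <exe> exits. Same check, different key.
    $spe = Join-Path $view 'Microsoft\Windows NT\CurrentVersion\SilentProcessExit'
    if (Test-Path $spe) {
        foreach ($sub in Get-ChildItem $spe) {
            $mon = (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).MonitorProcess
            if ($mon) { Add-Finding 'SilentProcessExit' $sub.PSChildName 'MonitorProcess' $mon }
        }
    }
}

# 2. Run / RunOnce keys (T1547.001), machine-wide and for the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # drop PSPath/PSParentPath/... metadata
        Add-Finding 'Run' $key $p.Name ([string]$p.Value)
    }
}

# 3. Browser Helper Objects (T1176): each subkey is a CLSID; the DLL is the
#    default value of CLSID\{...}\InprocServer32. HKCR is the merged view, so
#    both 32- and 64-bit registrations resolve through it.
foreach ($view in $views) {
    $bho = Join-Path $view 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bho)) { continue }
    foreach ($sub in Get-ChildItem $bho) {
        $clsid = $sub.PSChildName
        $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.'(default)' } else { '<CLSID not registered>' }
        Add-Finding 'BHO' $clsid 'InprocServer32' $dll
    }
}

# 4. Heuristic (assumption of this example): anything executing from a
#    user-writable or temp location matches the "Executes dropped EXE" /
#    "Loads dropped DLL" pattern and is reviewed first.
$suspiciousRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:PUBLIC)
foreach ($f in $findings) {
    $hit = [bool]($suspiciousRoots | Where-Object { $_ -and $f.Value -like "*$_*" })
    $f | Add-Member -NotePropertyName Suspicious -NotePropertyValue $hit
}
$findings | Sort-Object Suspicious -Descending |
    Format-Table Type, Key, Name, Value, Suspicious -AutoSize
```

A clean host normally shows no IFEO Debugger values, a short Run list of known software, and few or no BHOs; any IFEO entry pointing at a binary under a temp or profile directory is the artifact to pull for comparison with the hashes above. Because the report also records the sample clearing its IFEO entries, an empty IFEO key does not rule it out; corroborate with the Run key and BHO results and with file-creation times in the directories the heuristic flags.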

MITRE ATT&CK Enterprise v15

Tasks