
General

  • Target

    061c9deaa42a21dbfbe9bdd700abd8c0N.exe

  • Size

    22KB

  • Sample

    240816-2c6j2svbln

  • MD5

    061c9deaa42a21dbfbe9bdd700abd8c0

  • SHA1

    65af39a56972bd7135943a05a113752952ede9df

  • SHA256

    b79024ccce9cef4a315437343d545e70002c25246f473e5a3d79ef1065b6fcb8

  • SHA512

    215f4b86026ddb0cd03b5f0ec0db91a00f2325e4cffc9559096df7059ad08de9e04bde671ac7e51241b8cf10fcad91bd699aad59af1a745d100a4ff526710578

  • SSDEEP

    384:jIz43Tu7MSbQUyO44MGvJSsZ/MPNapPw+nI4NTDVHg+pDJQ4r:jIUS7MwyiEPNa1w+bdVHg+py4r

Malware Config

Targets

    • Target

      061c9deaa42a21dbfbe9bdd700abd8c0N.exe

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes Image File Execution Options (IFEO) registry entries.

    • Modifies WinLogon

    • Drops file in System32 directory
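
Three of the signatures above (Active Setup, IFEO injection, Modifies WinLogon) are registry persistence locations that can be audited directly on a host suspected of having run this sample. The script below is an added example, not code from the Triage report or from the sample; it is read-only, runs in an elevated PowerShell 5.1+ session, and the "user-writable path" heuristic in Test-SuspiciousPath is an assumption of this example rather than anything the report states.

```powershell
# Added example (not part of the Triage report): read-only audit of the
# registry persistence locations the signatures name. Run elevated.

# Assumption of this example: a launch path under a user-writable directory,
# or a script extension, is worth a closer look.
function Test-SuspiciousPath {
    param([string]$Value)
    return (($Value -match '\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\') -or
            ($Value -match '\.(vbs|js|bat|cmd|ps1|hta)\b'))
}

function Get-ActiveSetupEntries {
    # Each component's StubPath runs once per user at logon whenever its
    # version is newer than the copy recorded under HKCU. Microsoft ships
    # legitimate entries here, so diff the output against a known-good host.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p.StubPath) {
                [pscustomobject]@{
                    Technique  = 'Active Setup'
                    Location   = $_.PSChildName
                    Value      = $p.StubPath
                    Suspicious = Test-SuspiciousPath $p.StubPath
                }
            }
        }
    }
}

function Get-IfeoDebuggers {
    # A Debugger value under IFEO\<image>.exe makes Windows start that program
    # (with the original command line appended) instead of the named image.
    # Outside a developer box any Debugger value deserves an explanation.
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p.Debugger) {
            [pscustomobject]@{
                Technique  = 'IFEO Debugger'
                Location   = $_.PSChildName
                Value      = $p.Debugger
                Suspicious = $true
            }
        }
    }
}

function Get-WinlogonValues {
    # Shell and Userinit are executed at every interactive logon.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe"
    }
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = [string]$p.$name
        # Userinit legitimately ends with a comma; strip it before comparing
        # (-ne is case-insensitive in PowerShell, which is what we want here).
        $norm = $actual.TrimEnd(',').Trim()
        [pscustomobject]@{
            Technique  = 'Winlogon'
            Location   = $name
            Value      = $actual
            Suspicious = ($norm -ne $expected[$name])
        }
    }
}

$findings = @(Get-ActiveSetupEntries) + @(Get-IfeoDebuggers) + @(Get-WinlogonValues)
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A Suspicious=True row is a lead, not a verdict: Active Setup in particular carries Microsoft's own components, so the useful signal is a StubPath that differs from a clean reference host. The IFEO check only reads the Debugger value; the SilentProcessExit and GlobalFlag variants of the same technique live under the same key and are not covered here.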

MITRE ATT&CK Enterprise v15
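
For the "UPX packed file" signature, the two indicators the stock packer leaves behind can be checked offline without any third-party module: the UPX0/UPX1/UPX2 section names and the "UPX!" magic string in the header. The following is an added example, not the Triage detection logic; it parses the PE section table itself, and the sample path in the usage line is a placeholder.

```powershell
# Added example (not part of the Triage report): static UPX indicators for a
# PE32/PE32+ file. A modified UPX build, which the signature also covers,
# may rename the sections or alter the magic, so a negative result is not proof.

function Get-PeSectionNames {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    if ($Bytes.Length -lt 0x40 -or $Bytes[0] -ne 0x4D -or $Bytes[1] -ne 0x5A) {
        throw 'Not an MZ executable'
    }
    $pe = [BitConverter]::ToInt32($Bytes, 0x3C)                   # IMAGE_DOS_HEADER.e_lfanew
    if (($pe -lt 0x40) -or ($pe + 24 -gt $Bytes.Length) -or
        ([BitConverter]::ToUInt32($Bytes, $pe) -ne 0x00004550)) { # "PE\0\0"
        throw 'No PE signature at e_lfanew'
    }
    $numSections = [BitConverter]::ToUInt16($Bytes, $pe + 6)      # IMAGE_FILE_HEADER.NumberOfSections
    $optHdrSize  = [BitConverter]::ToUInt16($Bytes, $pe + 20)     # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    $table       = $pe + 24 + $optHdrSize                         # first IMAGE_SECTION_HEADER
    for ($i = 0; $i -lt $numSections; $i++) {
        $off = $table + 40 * $i                                   # each header is 40 bytes
        if ($off + 8 -gt $Bytes.Length) { break }                 # truncated section table
        [System.Text.Encoding]::ASCII.GetString($Bytes, $off, 8).TrimEnd([char]0)
    }
}

function Test-UpxIndicators {
    param([Parameter(Mandatory)][string]$Path)
    $bytes    = [System.IO.File]::ReadAllBytes($Path)
    $names    = @(Get-PeSectionNames -Bytes $bytes)
    $upxNames = @($names | Where-Object { $_ -match '^UPX[0-9]$' })
    # UPX stores its pack header, starting with "UPX!", inside the image;
    # ASCII decoding turns non-ASCII bytes into '?' which does not affect the search.
    $magic = [System.Text.Encoding]::ASCII.GetString($bytes).Contains('UPX!')
    [pscustomobject]@{
        Path        = $Path
        Sections    = $names -join ','
        UpxSections = $upxNames -join ','
        UpxMagic    = $magic
        UpxLike     = (($upxNames.Count -gt 0) -or $magic)
    }
}

# Usage (placeholder path, not one from the report):
# Test-UpxIndicators -Path 'C:\samples\061c9deaa42a21dbfbe9bdd700abd8c0N.exe'
```

Treat UpxLike as a triage hint only. Packers commonly rename sections to evade exactly this check, and a high-entropy section with a small import table is the more robust follow-up indicator.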

Tasks