Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

login.html

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    login

  • Size

    27KB

  • Sample

    240817-pz1wvswdpd

  • MD5

    2f4746bd004089f788433af50df3c3a1

  • SHA1

    dd3e4ada09bcadd368e9f00c8f0c0fb23c403578

  • SHA256

    8a8c823816664ff45d7046725a978ff246adb8bb04ff7ec06151380d51efac8a

  • SHA512

    f7f9f5cd15ca61a0b0b5ec559a5203c5e807078a054a84179dcb15f77c95e1179dd5808ee786399c71dfebacc14a8be51260b4434270115988d7650bb8b12141

  • SSDEEP

    384:ooi99m5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZEMuulffGfMfDsVz3syZj5XCqi:T/+scm2f/Yb6HZuul3UWDsV7syZ9c

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      login

    • Size

      27KB

    • MD5

      2f4746bd004089f788433af50df3c3a1

    • SHA1

      dd3e4ada09bcadd368e9f00c8f0c0fb23c403578

    • SHA256

      8a8c823816664ff45d7046725a978ff246adb8bb04ff7ec06151380d51efac8a

    • SHA512

      f7f9f5cd15ca61a0b0b5ec559a5203c5e807078a054a84179dcb15f77c95e1179dd5808ee786399c71dfebacc14a8be51260b4434270115988d7650bb8b12141

    • SSDEEP

      384:ooi99m5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZEMuulffGfMfDsVz3syZj5XCqi:T/+scm2f/Yb6HZuul3UWDsV7syZ9c

    Score
    7/10
    discoverypersistenceprivilege_escalation

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

4
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.