General
- Target: 23232.rbxm
- Size: 186KB
- Sample: 240820-21m3ls1hpq
- MD5: 28d824f0235f7c8fc85e2065fd6e91c8
- SHA1: 49715c9b99b6910ba46f2defd826eeee59b38210
- SHA256: 2843837752811de8f8982ac809cd45b363c5c377b256eeff838cb5c0b632b573
- SHA512: 559587de9a7cd3c9a1c45691b98634eb284d6882c287e98827fa36f232cba5545a353ca7610f0b1e695ec168e99a38d11b77fd0273087e58b547b2d4672a149d
- SSDEEP: 3072:J+HaY3LQRcu748sVv4aAmkND68/xj+XpPuY4McBPsmUkc5:J+6YECriZNDR+ZAxQ
Static task: static1
Behavioral task: behavioral1
- Sample: 23232.rbxm
- Resource: win11-20240802-en
Malware Config
Targets
- Target: 23232.rbxm (186KB)
Signatures
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, a web browser credential store.
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Manipulates Digital Signatures. Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Modifies system executable filetype association
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (2): Active Setup (1), Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (2): Change Default File Association (1), Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2): Active Setup (1), Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (2): Change Default File Association (1), Component Object Model Hijacking (1)
Defense Evasion
- Hide Artifacts (2): Hidden Files and Directories (2)
- Modify Registry (9)
- Subvert Trust Controls (1): SIP and Trust Provider Hijacking (1)
Credential Access
- Credentials from Password Stores (2): Credentials from Web Browsers (1), Windows Credential Manager (1)