General
Target: build.exe
Size: 7.1MB
Sample: 240820-h6gcgatbnn
MD5: 03b4a7f20fdad6d69d148a3426b499af
SHA1: 29c2f0d4a32776ba00c8dd882d35fdbfaec343ad
SHA256: 54ec62ac33637ed3bf49e914bfb9e5245e12fbebfb91e44705cd08b29e05b59c
SHA512: a2ba94f54a34a6e40d312ad63d71dec427ee3a80f300e97381f9541a6ac3fb67bc7095df38e045d088c893e92cc24058a93e02d9087c963cfbf1f6baf02c0b78
SSDEEP: 196608:B/4iA3qoIyI47/Q3D+h6Pkvct9GcemuYX:B/3AaZDQ/Q3D+hEkUacxX
Static task: static1
Behavioral task: behavioral1 | Sample: build.exe | Resource: win10-20240404-en
Behavioral task: behavioral2 | Sample: build.exe | Resource: win7-20240708-en
Behavioral task: behavioral3 | Sample: build.exe | Resource: win10-20240404-en
Behavioral task: behavioral4 | Sample: build.exe | Resource: win10v2004-20240802-en
Behavioral task: behavioral5 | Sample: build.exe | Resource: win11-20240802-en
Malware Config
Targets
Target: build.exe
Score: 10/10
- Modifies security service
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs
  Clears Windows Event Logs to hide the activity of an intrusion.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter: 1
    PowerShell: 1
  System Services: 2
    Service Execution: 2
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 3
    Windows Service: 3
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 3
    Windows Service: 3
Defense Evasion
  Impair Defenses: 1
  Indicator Removal: 1
    Clear Windows Event Logs: 1
  Modify Registry: 2