General

  • Target

    7af6e87aae1bc84f65a5452f9c5f6270N.exe

  • Size

    206KB

  • Sample

    240821-yezbzaxalc

  • MD5

    7af6e87aae1bc84f65a5452f9c5f6270

  • SHA1

    b86d0813931e37be32baddcf1e8e059bf3264694

  • SHA256

    b15f06fa931041555e97169ea70f8550f9f228326bc8ee9b2ee36b000922bada

  • SHA512

    74f916ded191d9c6a3f72fa31eca39727007d134f3ea25a279fe89de206f72d0209e0bacaa62423b49975b80c1beb4236b1d99fc140713755d94fbb116763e76

  • SSDEEP

    3072:5vEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unS:5vEN2U+T6i5LirrllHy4HUcMQY6t

Targets

    • Target

      7af6e87aae1bc84f65a5452f9c5f6270N.exe

    • Size

      206KB

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
