General

  • Target

    WinLock.exe

  • Size

    487KB

  • Sample

    240824-1bwssa1ale

  • MD5

    9f97b58176f9f5139929bcc9b292d776

  • SHA1

    cc7409a6a026177a47804ea44aa9cc83007d0747

  • SHA256

    cb9c0ac56597de591fb227b399a9e96dbef6ae6269a35070d9fc1f9e16fb5358

  • SHA512

    ed2afb424ab8499b71f1ad1dc9ac2e8db040a9afd9664b0145c16ffc426ea461db8b885907ace2146348bedb776a3c4cfce4f0c0fdb980ee99a17cd7ed488e34

  • SSDEEP

    12288:+R/y00bzAlvpYq1orkEHck8IzDqY33k0ero5lr:+fMgsvqY3Croj

Targets

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks