Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
05d1cf1d8a06c7db5b6a37a616ef6f54fb13e863e9785cb431ae060efb04185b
-
Size
1.5MB
-
Sample
240901-eap3ys1dje
-
MD5
ce5aed08ef0b8c758f49605d860dfbc0
-
SHA1
6db3aa68327bfea13dd178b4e5e4694b9e726462
-
SHA256
05d1cf1d8a06c7db5b6a37a616ef6f54fb13e863e9785cb431ae060efb04185b
-
SHA512
6b8af571bfa24b3ef2f3faba08dc7e4a105df7fd86b9838da50241402385108096b3788e783fb7265529120505d11c76da91849bd9c0d36f3088a2c9fc8e2db0
-
SSDEEP
24576:P4nXubIQGyxbPV0db26fLywtAvfAc+bv8++UHavwRerOC2V:Pqe3f6yqAH+7A4avwR51
Static task
static1
Behavioral task
behavioral1
Sample
05d1cf1d8a06c7db5b6a37a616ef6f54fb13e863e9785cb431ae060efb04185b.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
05d1cf1d8a06c7db5b6a37a616ef6f54fb13e863e9785cb431ae060efb04185b.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
05d1cf1d8a06c7db5b6a37a616ef6f54fb13e863e9785cb431ae060efb04185b
-
Size
1.5MB
-
MD5
ce5aed08ef0b8c758f49605d860dfbc0
-
SHA1
6db3aa68327bfea13dd178b4e5e4694b9e726462
-
SHA256
05d1cf1d8a06c7db5b6a37a616ef6f54fb13e863e9785cb431ae060efb04185b
-
SHA512
6b8af571bfa24b3ef2f3faba08dc7e4a105df7fd86b9838da50241402385108096b3788e783fb7265529120505d11c76da91849bd9c0d36f3088a2c9fc8e2db0
-
SSDEEP
24576:P4nXubIQGyxbPV0db26fLywtAvfAc+bv8++UHavwRerOC2V:Pqe3f6yqAH+7A4avwR51
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2