Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

db97570a01...0N.exe

windows7-x64

10

db97570a01...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db97570a01873908d9790a206d1eb5f0N.exe

  • Size

    1.9MB

  • Sample

    240901-sdwxkavckg

  • MD5

    db97570a01873908d9790a206d1eb5f0

  • SHA1

    b77105f5ebc5848a08262e4f528405a54fe66532

  • SHA256

    f151a4e141442d10d6fe624521a29c03f1ee6142c6feff3c449c3bfccbf04596

  • SHA512

    126e2467c13c95988f90e6c44c4ad5fbeaca41fb33821fd9d0178b316c14e73647874cbd448e3c9eed4a9f4eca1c72d7283ab3615f5518da3031f0c7ccca776c

  • SSDEEP

    49152:ISlNHydXboE+2pKWTvP6p9kB/GS0fsXCFK:ISjydNCYn0+x

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      db97570a01873908d9790a206d1eb5f0N.exe

    • Size

      1.9MB

    • MD5

      db97570a01873908d9790a206d1eb5f0

    • SHA1

      b77105f5ebc5848a08262e4f528405a54fe66532

    • SHA256

      f151a4e141442d10d6fe624521a29c03f1ee6142c6feff3c449c3bfccbf04596

    • SHA512

      126e2467c13c95988f90e6c44c4ad5fbeaca41fb33821fd9d0178b316c14e73647874cbd448e3c9eed4a9f4eca1c72d7283ab3615f5518da3031f0c7ccca776c

    • SSDEEP

      49152:ISlNHydXboE+2pKWTvP6p9kB/GS0fsXCFK:ISjydNCYn0+x

    Score
    10/10
    discoveryevasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Modify Registry

2
T1112

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Virtualization/Sandbox Evasion

2
T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks