General
Target: Bootstrapper.zip
Size: 4.8MB
Sample: 240901-xhw6cazckb
MD5: 72febed8586b32584c0ffc37ff6f571c
SHA1: 186288c20c8b8881aa1af9be424821cacbea46f7
SHA256: 43d7d31f381753d5e4335a10e9b068f2454536b606520ab4432b3c87528c2f82
SHA512: 75b6143dc0ddcc93922da21f1afdcc15763f58160da40e1c4820bb5ca98e23cb8849535a275f15735a5b254b997ee6e530c6f23a9cd23ac5935ebebcd71d9632
SSDEEP: 98304:0NXp/PGPMFO22KAB9homBja0BYpC6Ij6j381dWjmEdrsUvDVAWpubhxg0BZUZ4b:IVPGPMY3namBhXfCsgL6ULVvkTg0oY
Static task: static1
Behavioral task: behavioral1
  Sample: Bootstrapper.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: Bootstrapper.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Bootstrapper.exe
Size: 5.9MB
MD5: 3b1001b7fbc3df8979b738fe0e6b2e94
SHA1: 38e286d6537a5dfc8f6d780f6855619fef2c8a75
SHA256: f6b7bbef0c8a6061563078824052551b1cd7a558f22d06cd427889c0088fe498
SHA512: da96b03811b507e6a851c7a6870e9fa383a1850d0090fd7766be65d341d434e80003c1c95b2ef582462466f46f4c6074d466ef5926caa6a654d5a3581f912886
SSDEEP: 98304:wyTvgk+d41nz7yiiIqFmX9//u4iYrVYtgkrEm/srjft6xU0ejqIam1mjp0AF:NTgnd8nnybIqFs9SYrVYaaE3tT09m1QB
Signatures
XMRig Miner payload
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths, and processes so that matching files are no longer scanned.
Creates new service(s)
Checks computer location settings
  Reads the country code configured in the registry, most likely as a geofence (deciding whether to run based on the victim's region).
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
Power Settings
  powercfg controls every configurable power setting on a Windows system; malware abuses it to stop an infected host from sleeping, locking, or shutting down, which keeps a miner running uninterrupted.
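The Defender exclusions, new services, registry country-code lookup, and powercfg changes listed above all leave artifacts on the host that an analyst can check directly. The script below is an added host-triage example, not code from the Triage report or from the sample; the registry key it reads for the geofence check and its "binary outside C:\Windows" service filter are assumptions of this example, and the report names neither.

```powershell
# Added host-triage script; not code from the Triage report or from the sample.
# Run in an elevated PowerShell session on the host being checked. The registry
# key used for the geofence check and the "outside C:\Windows" service filter are
# this script's own assumptions.

# 1. Defender exclusions and real-time protection state (T1562.001). On a clean
#    workstation the three exclusion lists are normally empty.
$pref = Get-MpPreference
[pscustomobject]@{
    RealtimeMonitoringDisabled = $pref.DisableRealtimeMonitoring
    ExclusionPath              = $pref.ExclusionPath
    ExclusionExtension         = $pref.ExclusionExtension
    ExclusionProcess           = $pref.ExclusionProcess
} | Format-List

# 2. Power settings of the active scheme. An idle timeout of 0 means "never",
#    which is what a miner wants; hibernation turned off is the other common change.
powercfg /query SCHEME_CURRENT SUB_SLEEP
powercfg /query SCHEME_CURRENT SUB_VIDEO
powercfg /availablesleepstates

# 3. Country code the sample is assumed to read for its geofence: the user's GeoID
#    under Control Panel\International\Geo (assumption; the report names no key).
Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' | Select-Object Nation, Name

# 4. Recently installed services (System log event 7045) and services whose binary
#    lives outside C:\Windows, for the "Creates new service(s)" hit (T1569.002).
Get-WinEvent -FilterHashtable @{LogName = 'System'; Id = 7045} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '^"?[A-Za-z]:\\Windows\\' } |
    Select-Object Name, State, StartMode, PathName
```

Compare the exclusion lists and the 7045 events against a known-good baseline for the same image; a non-empty ExclusionProcess entry pointing at a user-writable directory is the usual tell for a dropper of this kind.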
-
MITRE ATT&CK Enterprise v15 (number in parentheses = matched signatures)
Execution
  Command and Scripting Interpreter, T1059 (1)
    PowerShell, T1059.001 (1)
  System Services, T1569 (2)
    Service Execution, T1569.002 (2)
Defense Evasion
  Impair Defenses, T1562 (1)
  Obfuscated Files or Information, T1027 (1)
    Command Obfuscation, T1027.010 (1)
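The techniques in this report map onto command-line patterns a SOC can alert on from process-creation telemetry. The script below is an added detection example, not code from the Triage report or from the sample: it runs rules for the PowerShell Defender-exclusion, service-creation and powercfg behaviours over a few constructed process-creation events, and decodes any -EncodedCommand payload first so that a command-obfuscated Defender change is judged on what it actually executes. The event shape, paths, service name and exclusion values are constructed for the demo.

```python
"""Added detection example for the behaviours this report lists (XMRig dropper).
Not code from the Triage report or from the sample: the events, paths and
exclusion values below are constructed for the demo."""
import base64
import re

# Constructed process-creation events (Sysmon Event ID 1 shape, trimmed to Image
# and CommandLine). Event 3 carries the same kind of Defender change as event 0,
# but hidden behind -EncodedCommand, which is what a "Command Obfuscation" hit means.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -nop -w hidden -c "Add-MpPreference -ExclusionPath '
                    'C:\\Users\\Public -ExclusionExtension exe -ExclusionProcess svc.exe"'},
    {"Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": 'sc create "Windows Update Helper" binPath= "C:\\Users\\Public\\svc.exe" start= auto'},
    {"Image": r"C:\Windows\System32\powercfg.exe",
     "CommandLine": "powercfg /x -standby-timeout-ac 0"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -EncodedCommand " + base64.b64encode(
         "Set-MpPreference -DisableRealtimeMonitoring $true".encode("utf-16le")).decode()},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt"},
]

# Rules keyed to the ATT&CK techniques on this page; the powercfg rule has no
# technique in the report's table, so it carries the report's signature name instead.
RULES = [
    ("T1562.001 Defender exclusion added or protection disabled via Add/Set-MpPreference",
     re.compile(r"(Add|Set)-MpPreference\b.*?-(Exclusion(Path|Extension|Process)|Disable\w+)", re.I)),
    ("T1569.002 service created from the command line",
     re.compile(r"(\bsc(\.exe)?\s+create\b|\bNew-Service\b)", re.I)),
    ("Power Settings: powercfg idle timeout set to 0 or hibernation disabled",
     re.compile(r"powercfg(\.exe)?\b.*([-/](x|change)\b.*\btimeout\S*\s+0\b|[-/]h(ibernate)?\s+off\b)", re.I)),
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc ...),
# so match the prefix rather than the full switch name.
ENCODED_RE = re.compile(r"(?:^|\s)-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the UTF-16LE plaintext behind a -EncodedCommand argument, or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect(event):
    """Return the rule labels that fire for one event (empty list if nothing matches)."""
    cmd = event["CommandLine"]
    hits = []
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        hits.append("T1027.010 PowerShell -EncodedCommand payload decoded")
        cmd = cmd + " " + decoded  # judge the command on what it actually runs
    for label, pattern in RULES:
        if pattern.search(cmd):
            hits.append(label)
    return hits


def scan(events):
    """Map event index -> hits, keeping only events that matched at least one rule."""
    return {i: hits for i, e in enumerate(events) if (hits := detect(e))}


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["CommandLine"][:60])
        for h in hits:
            print("   ", h)
```

Decoding before matching is the point of the last rule: a rule that only inspects the raw command line sees a base64 blob and misses the Set-MpPreference call, which is exactly the evasion the Command Obfuscation signature describes.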