Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    31ce9a4555eec4a271d1f4f66b4481f7268d2fd033d03efbc9af88add3524d32

  • Size

    232KB

  • Sample

    240901-znlyns1epj

  • MD5

    3b9a24122715895bca73202126c31e85

  • SHA1

    6a15d34fa9dc40e05b3fc16ad5a344414e2ccdb1

  • SHA256

    31ce9a4555eec4a271d1f4f66b4481f7268d2fd033d03efbc9af88add3524d32

  • SHA512

    d97d787f53c712e8bd9f30b2808588ff8a727b82b970cb82b88567a1c7fb9aeac7a0b6cf8cff2801062a312643f6dda94c477908f273e24be317b1fcb3a7b46e

  • SSDEEP

    3072:G1i/NU8bOMYcYYcmy51VRgiFCpCIXUWOLTsEsigcL3P6xxc1VOz1i/NU82OMYcYU:gi/NjO5xbg/CSUFLTwMjs6oi/N+O7

Malware Config

Targets

    • Target

      31ce9a4555eec4a271d1f4f66b4481f7268d2fd033d03efbc9af88add3524d32

    • Size

      232KB

    • MD5

      3b9a24122715895bca73202126c31e85

    • SHA1

      6a15d34fa9dc40e05b3fc16ad5a344414e2ccdb1

    • SHA256

      31ce9a4555eec4a271d1f4f66b4481f7268d2fd033d03efbc9af88add3524d32

    • SHA512

      d97d787f53c712e8bd9f30b2808588ff8a727b82b970cb82b88567a1c7fb9aeac7a0b6cf8cff2801062a312643f6dda94c477908f273e24be317b1fcb3a7b46e

    • SSDEEP

      3072:G1i/NU8bOMYcYYcmy51VRgiFCpCIXUWOLTsEsigcL3P6xxc1VOz1i/NU82OMYcYU:gi/NjO5xbg/CSUFLTwMjs6oi/N+O7

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks