Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RobloxScreenShot20240816_143121489.png
-
Size
767KB
-
Sample
240902-lmr7eaybpb
-
MD5
34e193a8213126c80788e468e60d491a
-
SHA1
3c2cef83427a0ae53c7928f4a51a4b740aaed246
-
SHA256
99768802974637b8f9aa0abc825fe2f8b3fb42a2be83c203cd16e2d27f92e828
-
SHA512
21f15bb505a10f7df209a8de86de818c726081bae4e734786e9a5a48e8c59070edb7536a7c66b8f69a30df4d119a1e9dcaf2ec0a5778bee0bac4764c9d9c254f
-
SSDEEP
12288:TAydlJqixZJt2I912L1Bb0wUijRjkb4AMCT1ZxE7VuiVFDIzEd8y1STVv:r5ZJtB9125Bb2eeXMuHE7Vu+/d8yMv
Static task
static1
Behavioral task
behavioral1
Sample
RobloxScreenShot20240816_143121489.png
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
RobloxScreenShot20240816_143121489.png
-
Size
767KB
-
MD5
34e193a8213126c80788e468e60d491a
-
SHA1
3c2cef83427a0ae53c7928f4a51a4b740aaed246
-
SHA256
99768802974637b8f9aa0abc825fe2f8b3fb42a2be83c203cd16e2d27f92e828
-
SHA512
21f15bb505a10f7df209a8de86de818c726081bae4e734786e9a5a48e8c59070edb7536a7c66b8f69a30df4d119a1e9dcaf2ec0a5778bee0bac4764c9d9c254f
-
SSDEEP
12288:TAydlJqixZJt2I912L1Bb0wUijRjkb4AMCT1ZxE7VuiVFDIzEd8y1STVv:r5ZJtB9125Bb2eeXMuHE7Vu+/d8yMv
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1