General
Target: 06a4698c1710444b937e8e76e6323760N.exe
Size: 292KB
Sample: 240903-3ajsya1drb
MD5: 06a4698c1710444b937e8e76e6323760
SHA1: 4ef6f325c23e313c04318b84aa6386b6d45fe36b
SHA256: 0441ea399065719c8fbe7a69e4625a8e723b49c95a7facdcab2416002b9ade73
SHA512: be79170d91e37f7d1882436cb6e74f2382150b0242a6ae78c64f39a5619d6ece6443a703f904e8661994fa4cc5374ff96aaa4856d0970436f3612b9804741327
SSDEEP: 3072:Fbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyA8QN:Fbl5RKgOGqml80FrgTRHGvJI08iYiQN
Static task: static1
Behavioral task: behavioral1
Sample: 06a4698c1710444b937e8e76e6323760N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 06a4698c1710444b937e8e76e6323760N.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 06a4698c1710444b937e8e76e6323760N.exe
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Boot or Logon Autostart Execution: Active Setup
    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Drops file in Drivers directory
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
    Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
    Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
    Hide Artifacts (1)
    Hidden Files and Directories (1)
    Modify Registry (4)