Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
BootStrapper.exe
-
Size
149KB
-
Sample
240903-n775gaxcrf
-
MD5
dd742c42283806d63458be56a64ea254
-
SHA1
bb252ef14c278321b1a6f474a686e224269dd457
-
SHA256
cf4afbbe58f7a6d7f1888b0a0e2da4f57da6d3ea329dc577c230b806f74aba26
-
SHA512
7b3a2ca8518f5cd27de93733bf20958053fac4bcd00039f8f73979fcf8fc2e6393dcc7f10bed0971cac15d090375b7292ad9fcc425e29687b04f8b033b197121
-
SSDEEP
3072:+czkitvo4BpYN/6mBPry8TXROLdW5m4mURp9OOGF0kmGwY:+A4NCmBPry/N2NOOInw
Static task
static1
Behavioral task
behavioral1
Sample
BootStrapper.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
BootStrapper.exe
-
Size
149KB
-
MD5
dd742c42283806d63458be56a64ea254
-
SHA1
bb252ef14c278321b1a6f474a686e224269dd457
-
SHA256
cf4afbbe58f7a6d7f1888b0a0e2da4f57da6d3ea329dc577c230b806f74aba26
-
SHA512
7b3a2ca8518f5cd27de93733bf20958053fac4bcd00039f8f73979fcf8fc2e6393dcc7f10bed0971cac15d090375b7292ad9fcc425e29687b04f8b033b197121
-
SSDEEP
3072:+czkitvo4BpYN/6mBPry8TXROLdW5m4mURp9OOGF0kmGwY:+A4NCmBPry/N2NOOInw
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1