Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    OSCEDTG6.exe

  • Size

    24.3MB

  • Sample

    240903-spk97szfjr

  • MD5

    191d1e29bd258d5a807054d2f06ebb9e

  • SHA1

    e8342c43775bd82250b9d2070948c4f1494433dc

  • SHA256

    56f7087ac2f3acbd80d6f04a0cd2801d2e382cb20426530d58dac93e54e8eba7

  • SHA512

    6fc4fede1f2debc7873a8fda2d06cc3fbc89ef23dab867f0c41679fed68e9dbeaba74c2c9c6342761b00607e2cb76601688d5b125f3d6534150c66d5cca958ad

  • SSDEEP

    393216:jkbwzO1yREkZgf8UgP8AxYDX1+TtIiFGuvB5IjWqn6eCz1vyxXUS+drp16:obwzFRRbUbX71QtIZS3ILn6eQyV+df

Malware Config

Targets

    • Target

      OSCEDTG6.exe

    • Size

      24.3MB

    • MD5

      191d1e29bd258d5a807054d2f06ebb9e

    • SHA1

      e8342c43775bd82250b9d2070948c4f1494433dc

    • SHA256

      56f7087ac2f3acbd80d6f04a0cd2801d2e382cb20426530d58dac93e54e8eba7

    • SHA512

      6fc4fede1f2debc7873a8fda2d06cc3fbc89ef23dab867f0c41679fed68e9dbeaba74c2c9c6342761b00607e2cb76601688d5b125f3d6534150c66d5cca958ad

    • SSDEEP

      393216:jkbwzO1yREkZgf8UgP8AxYDX1+TtIiFGuvB5IjWqn6eCz1vyxXUS+drp16:obwzFRRbUbX71QtIZS3ILn6eQyV+df

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks