General
- Target: OSCEDTG6.exe
- Size: 24.3MB
- Sample: 240903-spk97szfjr
- MD5: 191d1e29bd258d5a807054d2f06ebb9e
- SHA1: e8342c43775bd82250b9d2070948c4f1494433dc
- SHA256: 56f7087ac2f3acbd80d6f04a0cd2801d2e382cb20426530d58dac93e54e8eba7
- SHA512: 6fc4fede1f2debc7873a8fda2d06cc3fbc89ef23dab867f0c41679fed68e9dbeaba74c2c9c6342761b00607e2cb76601688d5b125f3d6534150c66d5cca958ad
- SSDEEP: 393216:jkbwzO1yREkZgf8UgP8AxYDX1+TtIiFGuvB5IjWqn6eCz1vyxXUS+drp16:obwzFRRbUbX71QtIZS3ILn6eQyV+df
Behavioral task
- behavioral1
- Sample: OSCEDTG6.exe
- Resource: win11-20240802-en
Malware Config
Targets
- Target: OSCEDTG6.exe
- Size: 24.3MB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Signatures
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1): SIP and Trust Provider Hijacking (1)