Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2496afe349303f5135b3e82978870b33c9fe5bea6ae494a7bcdd5ae01a0d0544
-
Size
72.6MB
-
Sample
240905-j9nfmawekn
-
MD5
b93c7a9d3b8ab6939f673c8a316d7fac
-
SHA1
2b900cc34fbc6d28cdcbc91368317b7019735027
-
SHA256
2496afe349303f5135b3e82978870b33c9fe5bea6ae494a7bcdd5ae01a0d0544
-
SHA512
eae37ade54e876f3c28e476a5bd88c0d3678cd73d208eec4b68ba8e1e0738e1620327c82a6d9cc6f773eed85d3dfe9ad317071b29b16821382ee8ccb32650b9c
-
SSDEEP
1572864:WJCqQUW9zp3E8N9yBrJyyEL5OE6q4UxU12xNtkI:2WU8vynyyErxFNr
Malware Config
Targets
-
-
Target
2496afe349303f5135b3e82978870b33c9fe5bea6ae494a7bcdd5ae01a0d0544
-
Size
72.6MB
-
MD5
b93c7a9d3b8ab6939f673c8a316d7fac
-
SHA1
2b900cc34fbc6d28cdcbc91368317b7019735027
-
SHA256
2496afe349303f5135b3e82978870b33c9fe5bea6ae494a7bcdd5ae01a0d0544
-
SHA512
eae37ade54e876f3c28e476a5bd88c0d3678cd73d208eec4b68ba8e1e0738e1620327c82a6d9cc6f773eed85d3dfe9ad317071b29b16821382ee8ccb32650b9c
-
SSDEEP
1572864:WJCqQUW9zp3E8N9yBrJyyEL5OE6q4UxU12xNtkI:2WU8vynyyErxFNr
Score10/10-
UAC bypass
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Modifies RDP port number used by Windows
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2PowerShell
2Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Installer Packages
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Installer Packages
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Ignore Process Interrupts
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
1File Deletion
1Modify Registry
3System Binary Proxy Execution
1Msiexec
1Virtualization/Sandbox Evasion
2