Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Install VALORANT.exe
-
Size
68.3MB
-
Sample
240907-gtdv5sycmm
-
MD5
7da818565aa08d22e5950cbe28d5c215
-
SHA1
82e382af13d7f3f8c5bea56faeeea0566883931c
-
SHA256
e5859eb1dfa66e5d40908e0fc6901d7c2f5bd84fb6df5a3b432e34576e04cebd
-
SHA512
afa921057b4953b4fbb88c17d7b2c3cb80c59d4bca9e776d590e2693a5af3d6861592d302f9f349e6bc03f3555e77b6f033d17c33143c8dce104f6a8fc80904a
-
SSDEEP
1572864:sgs99CzSp8d0UNl/Ywrt9E7lzPFUKBBJDIVIbjSp1xe:/6p8dnAthBBJDIVRj
Malware Config
Targets
-
-
Target
Install VALORANT.exe
-
Size
68.3MB
-
MD5
7da818565aa08d22e5950cbe28d5c215
-
SHA1
82e382af13d7f3f8c5bea56faeeea0566883931c
-
SHA256
e5859eb1dfa66e5d40908e0fc6901d7c2f5bd84fb6df5a3b432e34576e04cebd
-
SHA512
afa921057b4953b4fbb88c17d7b2c3cb80c59d4bca9e776d590e2693a5af3d6861592d302f9f349e6bc03f3555e77b6f033d17c33143c8dce104f6a8fc80904a
-
SSDEEP
1572864:sgs99CzSp8d0UNl/Ywrt9E7lzPFUKBBJDIVIbjSp1xe:/6p8dnAthBBJDIVRj
Score6/10-
Adds Run key to start application
-
Downloads MZ/PE file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1