Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2cf0a5d81c...50.exe

windows7-x64

10

2cf0a5d81c...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2cf0a5d81c398b1b9b3420cef774c5739fcc25812172a1be62b2c258d0dcfc50

  • Size

    1.2MB

  • Sample

    240909-1dqdsa1ekr

  • MD5

    1a027bd2e0bd67f33bb6ad6f4029b1c6

  • SHA1

    763e46995b5401cb489a25c3b947000368911d4d

  • SHA256

    2cf0a5d81c398b1b9b3420cef774c5739fcc25812172a1be62b2c258d0dcfc50

  • SHA512

    d27761d31cca6c425e555f85f9e12b076ce62efca1756f15e65d3bf1013ca660ad47464b6785d10c815e2b82f8de953db6a45b98e079fa462b73ac613434849f

  • SSDEEP

    24576:XD7Xr5my0DPP23Iy5YAmRW6B8If0s83I4eqowSwa1X9tqY7Jxiq+n:XD7Xroy0DPP23Iy5YAmw6B8If0F3Iwo4

Score
10/10
defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      2cf0a5d81c398b1b9b3420cef774c5739fcc25812172a1be62b2c258d0dcfc50

    • Size

      1.2MB

    • MD5

      1a027bd2e0bd67f33bb6ad6f4029b1c6

    • SHA1

      763e46995b5401cb489a25c3b947000368911d4d

    • SHA256

      2cf0a5d81c398b1b9b3420cef774c5739fcc25812172a1be62b2c258d0dcfc50

    • SHA512

      d27761d31cca6c425e555f85f9e12b076ce62efca1756f15e65d3bf1013ca660ad47464b6785d10c815e2b82f8de953db6a45b98e079fa462b73ac613434849f

    • SSDEEP

      24576:XD7Xr5my0DPP23Iy5YAmRW6B8If0s83I4eqowSwa1X9tqY7Jxiq+n:XD7Xroy0DPP23Iy5YAmw6B8If0F3Iwo4

    Score
    10/10
    defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalation

    • Modifies visibility of file extensions in Explorer

      evasion

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Disables taskbar notifications via registry modification

      evasion

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Modifies WinLogon

      persistence

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • Hide Artifacts: Hidden Users

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

2
T1059.001

Persistence

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Power Settings

1
T1653

Privilege Escalation

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

1
T1564.001

Hidden Users

1
T1564.002

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

5
T1112

Credential Access

Discovery

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks