General

  • Target

    VirtualBox-7.1.0-164728-Win.exe

  • Size

    105.5MB

  • Sample

    240913-smfa6svhmf

  • MD5

    1bd268b5bc2c521a62dd1e6e97108196

  • SHA1

    158084c6b898d70accb0d333039fcc924df858da

  • SHA256

    bc22f01478b51d4852d6a83318ed682cee4d89fc9d8eb51b41988a67b04e7de1

  • SHA512

    a5b33a159614a40cc99d30fc0bd4b568813fee1de026ccdd49f59db5e9d9763b2152f328440d18bc1944ee602d2fc48092be32c7c2b9b4c29bbdd908f0523117

  • SSDEEP

    1572864:Ftt6Ex4eQ5o2cl/JzG3YeHDg+QF3Uh9ZbS7Po+QuWjxst2aiW1wj:F7kB5Xcl1WBD1S3AnSbATt01C

Malware Config

Targets

    • Drops file in Drivers directory

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks