Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Matz.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Matz.cmd

  • Size

    22KB

  • Sample

    240914-19kheazfle

  • MD5

    d221e50e4e2a071cf4507d22dfabc38d

  • SHA1

    ff1cd06eaacd102850441be310f8881ad6c8e8eb

  • SHA256

    055c572d74c93fe55c8da6506b845d594128511cc3fdd138e587acb76892cc22

  • SHA512

    d0491693bad8ddc0f90ed4a1de329ff32aabd3b492b89c657156ee02204347fee30d1f34babb39ab9ae732098561b7f89bb6e870e53deaf3326f16083777fb75

  • SSDEEP

    192:YflymM66lH6rGGGGGGGGGGGGGqVuxFtQBfVa5RNspblvNABmWdZU988fyGYgkNNs:OlM+

Score
10/10
adwaredefense_evasionpersistenceprivilege_escalationstealer

Malware Config

Targets

    • Target

      Matz.cmd

    • Size

      22KB

    • MD5

      d221e50e4e2a071cf4507d22dfabc38d

    • SHA1

      ff1cd06eaacd102850441be310f8881ad6c8e8eb

    • SHA256

      055c572d74c93fe55c8da6506b845d594128511cc3fdd138e587acb76892cc22

    • SHA512

      d0491693bad8ddc0f90ed4a1de329ff32aabd3b492b89c657156ee02204347fee30d1f34babb39ab9ae732098561b7f89bb6e870e53deaf3326f16083777fb75

    • SSDEEP

      192:YflymM66lH6rGGGGGGGGGGGGGqVuxFtQBfVa5RNspblvNABmWdZU988fyGYgkNNs:OlM+

    Score
    10/10
    adwaredefense_evasionpersistenceprivilege_escalationstealer

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

      defense_evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Active Setup

1
T1547.014

Registry Run Keys / Startup Folder

2
T1547.001

Browser Extensions

1
T1176

Event Triggered Execution

3
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

3
T1547

Active Setup

1
T1547.014

Registry Run Keys / Startup Folder

2
T1547.001

Event Triggered Execution

3
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

6
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

System Binary Proxy Execution

1
T1218

Verclsid

1
T1218.012

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks