General
Target: Mw3Chair.exe
Size: 93.8MB
Sample: 240915-cb864szdle
MD5: 2dfdda495ef398f421af9821ec5bd6fb
SHA1: 7bc7a0716e47064842c2616a2fe1a5a6c4ebaf24
SHA256: f77744f36fab5f4abb3ae0cf2bfade543ec90472bcdef6508bddf38493fa6873
SHA512: 1c2af9e84ef2cbe0949e02e3e62cb0a178c53e05260ba0887888e7ff78adcc13d60f0ac4b444a1d3733ef462249b96be17c04d211c08e5dcbd6d42fd5673e508
SSDEEP: 1572864:509tMO8gn6D68Uzusf2nhqQVGNgV2UIsVHBfgxXW5snXOyi4oLmm0GTjuME7:pTgOizfeR6gV2Vy4xXW5sXOPAxMjuMW
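Before acting on anything in this report, confirm that the copy of Mw3Chair.exe in front of you is the file tria.ge analysed. The script below is an added example for this page, not tria.ge code: it copies the four digests from the General section into one IOC set, hashes a file in a single chunked pass (the sample is about 94 MB, so it is never read into memory whole), and returns a per-algorithm match table. The file path on the command line and the byte strings used as test vectors are assumptions made here, not values from the report.

```python
"""Check a local file against the hashes in the tria.ge report for Mw3Chair.exe.

Added example for this report page; it is not tria.ge code. The digests below
are copied from the report's General section. The file path and the byte
strings used as test vectors are assumptions made here.
"""
import hashlib
import io

# Hash set copied verbatim from the report (sample 240915-cb864szdle).
REPORT_HASHES = {
    "md5": "2dfdda495ef398f421af9821ec5bd6fb",
    "sha1": "7bc7a0716e47064842c2616a2fe1a5a6c4ebaf24",
    "sha256": "f77744f36fab5f4abb3ae0cf2bfade543ec90472bcdef6508bddf38493fa6873",
    "sha512": (
        "1c2af9e84ef2cbe0949e02e3e62cb0a178c53e05260ba0887888e7ff78adcc13"
        "d60f0ac4b444a1d3733ef462249b96be17c04d211c08e5dcbd6d42fd5673e508"
    ),
}

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time; the sample is ~94 MB


def hash_stream(stream, algorithms=tuple(REPORT_HASHES)):
    """Compute every requested digest in one pass over a binary stream.

    Returns {algorithm: lowercase hexdigest}. Feeding all hashers from the
    same chunk avoids re-reading a large sample once per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used for the test vectors)."""
    return hash_stream(io.BytesIO(data))


def compare_to_report(digests, expected=REPORT_HASHES):
    """Per-algorithm match table against the report's IOC set.

    Comparison is case-insensitive because IOCs pasted from other sources are
    often upper-case; an algorithm missing from `digests` is a mismatch, never
    a silent pass.
    """
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verify_file(path, expected=REPORT_HASHES):
    """Hash the file at `path`; return (digests, per-algorithm matches, all_match)."""
    with open(path, "rb") as fh:
        digests = hash_stream(fh)
    matches = compare_to_report(digests, expected)
    return digests, matches, all(matches.values())


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py /path/to/Mw3Chair.exe   (path is an assumption)
    digests, matches, ok = verify_file(sys.argv[1])
    for name in REPORT_HASHES:
        print(f"{name:6} {digests[name]}  {'match' if matches[name] else 'MISMATCH'}")
    print("sample matches report" if ok else "sample does NOT match report")
    sys.exit(0 if ok else 1)
```

A partial match (for example MD5 agrees but SHA256 does not) should be treated as a mismatch; the exit code follows `all(matches.values())` for that reason.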
Static task: static1
Behavioral task: behavioral1
  Sample: Mw3Chair.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: Mw3Chair.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Mw3Chair.exe
Size: 93.8MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
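Two of the behaviours above ("Disables Task Manager via registry modification" and "Checks computer location settings") are registry operations, which is the easiest place to reproduce the sandbox's verdict from your own trace. The report names the behaviours but not the keys touched, so the script below, an added example for this page and not tria.ge code, assumes the standard Windows locations for each setting: the DisableTaskMgr DWORD under a Policies\System key, and the Nation/Name values under HKCU\Control Panel\International\Geo. The tab-separated trace format and the trace lines themselves are constructed here, not taken from the report.

```python
"""Flag the two registry behaviours from the report over a sandbox registry trace.

Added example for this report page, not tria.ge code. The report lists the
behaviours but not the keys involved; the paths below are the standard Windows
locations for each setting (an assumption), and SAMPLE_TRACE is constructed.
"""
import re
from collections import namedtuple

Event = namedtuple("Event", "op path vtype value")

# Constructed trace, tab-separated: <api> \t <value path> [\t <type> \t <data>].
# Includes a set-to-0 on the HKLM policy key, which re-enables Task Manager
# and must not fire the rule.
SAMPLE_TRACE = "\n".join([
    "RegQueryValueExW\tHKCU\\Control Panel\\International\\Geo\\Nation",
    "RegQueryValueExW\tHKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
    "RegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr\tREG_DWORD\t0x1",
    "RegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden\tREG_DWORD\t0x2",
    "RegSetValueExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr\tREG_DWORD\t0x0",
])

# Policy value that disables Task Manager; honoured under both HKCU and HKLM.
TASKMGR_RE = re.compile(
    r"^(HKCU|HKLM|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\Policies\\System\\DisableTaskMgr$",
    re.IGNORECASE,
)
# Per-user geographic location (GeoID in Nation, ISO name in Name).
GEO_RE = re.compile(
    r"^(HKCU|HKEY_CURRENT_USER)\\Control Panel\\International\\Geo\\(Nation|Name)$",
    re.IGNORECASE,
)


def parse_trace(text):
    """Turn the tab-separated trace into Event tuples; type/data are optional."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        op, path = parts[0], parts[1]
        vtype = parts[2] if len(parts) > 2 else None
        value = parts[3] if len(parts) > 3 else None
        events.append(Event(op, path, vtype, value))
    return events


def dword_is_nonzero(ev):
    """True only for a REG_DWORD write with a non-zero value (hex or decimal)."""
    if (ev.vtype or "").upper() != "REG_DWORD" or ev.value is None:
        return False
    try:
        return int(ev.value, 0) != 0
    except ValueError:
        return False


def detect(events):
    """Return [(behaviour name from the report, triggering Event), ...] in trace order."""
    hits = []
    for ev in events:
        if ev.op.startswith("RegSetValue") and TASKMGR_RE.match(ev.path) and dword_is_nonzero(ev):
            hits.append(("Disables Task Manager via registry modification", ev))
        elif ev.op.startswith("RegQueryValue") and GEO_RE.match(ev.path):
            hits.append(("Checks computer location settings", ev))
    return hits


if __name__ == "__main__":
    for name, ev in detect(parse_trace(SAMPLE_TRACE)):
        print(f"{name}: {ev.op} {ev.path}" + (f" = {ev.value}" if ev.value else ""))
```

The geofence rule fires on a read, not a write, so it needs an API-level trace (sandbox hooks or ETW registry tracing); Sysmon-style SetValue events alone would only ever catch the Task Manager rule.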
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): PowerShell, T1059.001 (1)
- System Services (1): Service Execution, T1569.002 (1)
Privilege Escalation
- Access Token Manipulation (1): Create Process with Token, T1134.002 (1)
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
Defense Evasion
- Access Token Manipulation (1): Create Process with Token, T1134.002 (1)
- Impair Defenses, T1562 (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers, T1555.003 (1)
- Unsecured Credentials (1): Credentials In Files, T1552.001 (1)