Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
gpedit-enabler.bat
-
Size
379B
-
Sample
240919-aas3dszfja
-
MD5
ed31a523aac1905a95c1a2fdf9ba6d00
-
SHA1
3dc0c844bf799cd97d286a8f0961d58648934754
-
SHA256
5a597c9eea792f7ce5a15c04de07e8e23871cca7d46b0f5dab5027a203820ab2
-
SHA512
92fd810a6bdf3f98e170f5aed865acf323ce2a14b93981a8b0251727a28eeefd74e846c98d6e6ce3cb9bf3363b350c5310ab7148bb1f8f80c452c700dd23d1f8
Static task
static1
Behavioral task
behavioral1
Sample
gpedit-enabler.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
gpedit-enabler.bat
Resource
win11-20240802-en
Malware Config
Extracted
https://sdffrssertr12.ucoz.net/av.ps1
Targets
-
-
Target
gpedit-enabler.bat
-
Size
379B
-
MD5
ed31a523aac1905a95c1a2fdf9ba6d00
-
SHA1
3dc0c844bf799cd97d286a8f0961d58648934754
-
SHA256
5a597c9eea792f7ce5a15c04de07e8e23871cca7d46b0f5dab5027a203820ab2
-
SHA512
92fd810a6bdf3f98e170f5aed865acf323ce2a14b93981a8b0251727a28eeefd74e846c98d6e6ce3cb9bf3363b350c5310ab7148bb1f8f80c452c700dd23d1f8
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Accessibility Features
1Component Object Model Hijacking
1Privilege Escalation
Event Triggered Execution
2Accessibility Features
1Component Object Model Hijacking
1