General

  • Target

    2118e594d30250dc563df16e9a5a6023063479753e9703b38b092a56ad4c7e11

  • Size

    783KB

  • Sample

    240919-tdw31axarh

  • MD5

    fade61bafe39b5cac6c2d54316f54c2a

  • SHA1

    9e07ee7a4248867f8f34894030ae643ed3c40bc0

  • SHA256

    2118e594d30250dc563df16e9a5a6023063479753e9703b38b092a56ad4c7e11

  • SHA512

    551532cfd7aea2f42d2d1bbfb8389d0fda09c83ae2bc3f13f883fae74103fce2f84532f0f6d3dab8741407466feb2c7160d7a507f97d14e3d1fce331ec3c4f40

  • SSDEEP

    12288:C761wOyrC4dtJHekiIPlHB1GzVoFB6UCBmdquf0qyoOCJUp+1EwOjo4snLM9TxBu:C7M1iJHJT1DGh9idqu8HoHUp+JUsLau

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks