Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

nitro-life...od.txt

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nitro-lifetime-method.txt

  • Size

    1KB

  • Sample

    240921-2q95dsycmb

  • MD5

    0d7229d6ddfb223cd4c5ef9ac4a88cdb

  • SHA1

    24702f249ddc03f1362de41f8aa1d59c949f77e9

  • SHA256

    b7d148da962c5abb761e5b79e9d2823997b0dfdebf8e410a3e8dfc0d39e21581

  • SHA512

    253a0eb97ecd4879b2beb5e3c839efd0a837661bbdf911f085fabc91700853d93d36a4595560edcd75dbf188c7102726ae4334622c370af94f7ba763c2357448

Score
10/10
discoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      nitro-lifetime-method.txt

    • Size

      1KB

    • MD5

      0d7229d6ddfb223cd4c5ef9ac4a88cdb

    • SHA1

      24702f249ddc03f1362de41f8aa1d59c949f77e9

    • SHA256

      b7d148da962c5abb761e5b79e9d2823997b0dfdebf8e410a3e8dfc0d39e21581

    • SHA512

      253a0eb97ecd4879b2beb5e3c839efd0a837661bbdf911f085fabc91700853d93d36a4595560edcd75dbf188c7102726ae4334622c370af94f7ba763c2357448

    Score
    10/10
    discoveryevasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

3
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

1
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks