General
-
Target
EZFNLauncher.msi
-
Size
8.8MB
-
Sample
240921-a9rcvaxerk
-
MD5
c094ae439f4a97409d752fa64f6eab86
-
SHA1
e607d4616a2262bb245c43269d7c3f769269e5d0
-
SHA256
9ab1f0f955d23c0a2a0e3727a9f778bef9057d4b615df3f6194906dac49e2c26
-
SHA512
df8bd4db2130cdf94493caa170801cfc1e273aa22253d33b066db3be56b164c904f54172bb6f60afd131f9459a8e9895d718bb905420f067936862d86ed9506e
-
SSDEEP
196608:hwrQNEqoCdzOx618QNSi2lfVc6VpvPH62RM7tBIbK1/JuhC:hgcOxvQgllfjXtr8/kh
Static task
static1
Behavioral task
behavioral1
Sample
EZFNLauncher.msi
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
EZFNLauncher.msi
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
EZFNLauncher.msi
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution (3)
Component Object Model Hijacking (1)
Image File Execution Options Injection (1)
Installer Packages (1)
Privilege Escalation
Event Triggered Execution (3)
Component Object Model Hijacking (1)
Image File Execution Options Injection (1)
Installer Packages (1)