Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Prueba1.exe

windows7-x64

6

Prueba1.exe

windows10-2004-x64

8

Resubmissions

25/09/2024, 17:58

240925-wkcztasbrd 8

25/09/2024, 17:55

240925-wheqmasarb 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Prueba1.exe

  • Size

    227KB

  • Sample

    240925-wheqmasarb

  • MD5

    4339cc7cb7c8df84a3a1bbd3cba4cf17

  • SHA1

    b041a7ac27006a3d204726cecef465a34f06a3f3

  • SHA256

    e3ebbde456c0c20d1436661909137cd38ce6be51cf78e7cb0d2944b124bed326

  • SHA512

    3e795d43daa63db9435ab3d03a6800719f25b1f8311188148c5ac51eea1835ca76a6fb10040559271e42de7b3d5e18dda89a572fb975ee60f6a90d1575a85f31

  • SSDEEP

    3072:W+PSS5WcZM55FjBcmnE2V/anyoQI5swjEG6vpRcuKtK41rL2JtjwKk:tPSPX5FWhMwj16xrcKaLWjwKk

Score
8/10
defense_evasionevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Prueba1.exe

    • Size

      227KB

    • MD5

      4339cc7cb7c8df84a3a1bbd3cba4cf17

    • SHA1

      b041a7ac27006a3d204726cecef465a34f06a3f3

    • SHA256

      e3ebbde456c0c20d1436661909137cd38ce6be51cf78e7cb0d2944b124bed326

    • SHA512

      3e795d43daa63db9435ab3d03a6800719f25b1f8311188148c5ac51eea1835ca76a6fb10040559271e42de7b3d5e18dda89a572fb975ee60f6a90d1575a85f31

    • SSDEEP

      3072:W+PSS5WcZM55FjBcmnE2V/anyoQI5swjEG6vpRcuKtK41rL2JtjwKk:tPSPX5FWhMwj16xrcKaLWjwKk

    Score
    8/10
    defense_evasionevasionexecutionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Indicator Removal

1
T1070

File Deletion

1
T1070.004

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks