General

  • Target

    computer-go-boom.exe

  • Size

    127.7MB

  • Sample

    240927-2vdlzstern

  • MD5

    b1dbc4a8a8151a9526f49c6236f84272

  • SHA1

    df8b216ccd8552e02a3631a9e001e0f4f67a5f26

  • SHA256

    0f948989ba63537747c2424e98dd1cef54b891e20b3b8556318b0486f6897f94

  • SHA512

    4f8b99eac5187391582dfe8ad627c0852017d0cd8bf9063245ce9b658c3b60a3e9f6e492d4e0dd850a36d384d666b550a3dc1d9d8e761a47ca49d27946e346e9

  • SSDEEP

    1572864:XgthajtaCGKZTPvsAv6sxk8m3sxjvGxZ3fIhE3QTZPQHv/agwMPEi/98keIIYLCE:UySU6ej6Z3Na8YMz8yLSIYeuI

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks