Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
weave.exe
-
Size
18.2MB
-
Sample
240927-w984jstgjr
-
MD5
f293ebde82be4a4c20f5b58a05384108
-
SHA1
2240637695575a69e8918a9e9083d8f6d6a25356
-
SHA256
6ee011dc3dc0568d97acddc89bfbae917c42a811a99cd851e17bae209e9e7506
-
SHA512
a1a222e1203baad3141f2fbf3fca6f511842556c8175cdc6ea735e494aa9e923ef53d906c79bf53af1a1ec1e113cd70e5f06fb6068faf89912726e520e592224
-
SSDEEP
393216:duxU/9YlNS1YOmAP0ybcsOCdha3hgw7KQs6Qg5H2Ym8IBX3Iv:dP/9YzC3csZa3hgRgJIBXE
Static task
static1
Behavioral task
behavioral1
Sample
weave.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
weave.exe
-
Size
18.2MB
-
MD5
f293ebde82be4a4c20f5b58a05384108
-
SHA1
2240637695575a69e8918a9e9083d8f6d6a25356
-
SHA256
6ee011dc3dc0568d97acddc89bfbae917c42a811a99cd851e17bae209e9e7506
-
SHA512
a1a222e1203baad3141f2fbf3fca6f511842556c8175cdc6ea735e494aa9e923ef53d906c79bf53af1a1ec1e113cd70e5f06fb6068faf89912726e520e592224
-
SSDEEP
393216:duxU/9YlNS1YOmAP0ybcsOCdha3hgw7KQs6Qg5H2Ym8IBX3Iv:dP/9YzC3csZa3hgRgJIBXE
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Indicator Removal: Clear Windows Event Logs
Clear Windows Event Logs to hide the activity of an intrusion.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
1Service Execution
1Defense Evasion
Impair Defenses
1Indicator Removal
1Clear Windows Event Logs
1Virtualization/Sandbox Evasion
1