Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4620110c6fa76312da5a318307ce575fedad06905e92d8c73d82eff36b1aa573N
-
Size
418KB
-
Sample
240928-we61ps1dna
-
MD5
7d1925b1756e40c8dfc7fb12d6a45a80
-
SHA1
bc6475b8fca78dbdbf6aacad15a48628e4834b2b
-
SHA256
4620110c6fa76312da5a318307ce575fedad06905e92d8c73d82eff36b1aa573
-
SHA512
a8a558c8ca75f0db837013fd8c132a851a6e8b9214fbe1631263290019c937389936e6ddb17b10f4290736ea51af685333c3da99bba1eb1ed77b26dfbdeb1f78
-
SSDEEP
6144:sz8wzPQpp00RQH2Td03QelhcBxKdA9EMgCCZnljS/SmMyrlC03gy8:sm02rB03QeUBxKKkCCZnljS/SmM2d8
Static task
static1
Behavioral task
behavioral1
Sample
4620110c6fa76312da5a318307ce575fedad06905e92d8c73d82eff36b1aa573N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4620110c6fa76312da5a318307ce575fedad06905e92d8c73d82eff36b1aa573N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
4620110c6fa76312da5a318307ce575fedad06905e92d8c73d82eff36b1aa573N
-
Size
418KB
-
MD5
7d1925b1756e40c8dfc7fb12d6a45a80
-
SHA1
bc6475b8fca78dbdbf6aacad15a48628e4834b2b
-
SHA256
4620110c6fa76312da5a318307ce575fedad06905e92d8c73d82eff36b1aa573
-
SHA512
a8a558c8ca75f0db837013fd8c132a851a6e8b9214fbe1631263290019c937389936e6ddb17b10f4290736ea51af685333c3da99bba1eb1ed77b26dfbdeb1f78
-
SSDEEP
6144:sz8wzPQpp00RQH2Td03QelhcBxKdA9EMgCCZnljS/SmMyrlC03gy8:sm02rB03QeUBxKKkCCZnljS/SmM2d8
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Browser Extensions
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
6