Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
83e0de8e9ffc573ee2045268d81f33c085dbe9804ef273611ad5216c14136942
-
Size
67KB
-
Sample
240929-3gspeszdme
-
MD5
03597db200d5c9dce67da7e02e2a4ade
-
SHA1
6aef6da057cf5e17f7900f32106cf4ec0023f58c
-
SHA256
83e0de8e9ffc573ee2045268d81f33c085dbe9804ef273611ad5216c14136942
-
SHA512
f21305a160018b408e44ceb9e122d638b219a830dc23f07cf46afcc1d4d055fe18de85af85ff8b7661332e7965852f645e7daf18a95b2c83a0178d55abb42dc3
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1GwKC:ulg35GTslA5t3uwKC
Malware Config
Targets
-
-
Target
83e0de8e9ffc573ee2045268d81f33c085dbe9804ef273611ad5216c14136942
-
Size
67KB
-
MD5
03597db200d5c9dce67da7e02e2a4ade
-
SHA1
6aef6da057cf5e17f7900f32106cf4ec0023f58c
-
SHA256
83e0de8e9ffc573ee2045268d81f33c085dbe9804ef273611ad5216c14136942
-
SHA512
f21305a160018b408e44ceb9e122d638b219a830dc23f07cf46afcc1d4d055fe18de85af85ff8b7661332e7965852f645e7daf18a95b2c83a0178d55abb42dc3
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1GwKC:ulg35GTslA5t3uwKC
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1