Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
download.png
-
Size
2KB
-
Sample
241001-xlcacayfld
-
MD5
c1a0892088d55517ca579dd597de66f9
-
SHA1
465f3c4b77b1d2fb0fc8443ea44992db839eca01
-
SHA256
f356c1e5e8ec22a79b2547dd939d824d40200e5c599b38c7d7b531f6b2778f51
-
SHA512
db7ad5a8ad60a2505faf056673e27c3bec3034d245f874b22eee678b279b79561df8f1c7739663836e298469ffd99589e098abbba484738e217155afe0132cdb
Malware Config
Targets
-
-
Target
download.png
-
Size
2KB
-
MD5
c1a0892088d55517ca579dd597de66f9
-
SHA1
465f3c4b77b1d2fb0fc8443ea44992db839eca01
-
SHA256
f356c1e5e8ec22a79b2547dd939d824d40200e5c599b38c7d7b531f6b2778f51
-
SHA512
db7ad5a8ad60a2505faf056673e27c3bec3034d245f874b22eee678b279b79561df8f1c7739663836e298469ffd99589e098abbba484738e217155afe0132cdb
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Disables RegEdit via registry modification
-
Downloads MZ/PE file
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
4