Resubmissions
Sample ID            Score  Submitted
241004-bdl9pazcme    8      04/10/2024, 01:01
240929-e9efhashme    8      29/09/2024, 04:38
240929-ey1vcssejd    7      29/09/2024, 04:21
240908-2hjmgaydrr    1      08/09/2024, 22:34
240908-2c2absycjn    1      08/09/2024, 22:26
240827-hnx79szdjn    7      27/08/2024, 06:53
240827-hm7ejszcqj    3      27/08/2024, 06:52
240827-hmzdyazcpk    1      27/08/2024, 06:51
240827-hmsw6axhkb    1      27/08/2024, 06:51
240827-g3kp2sycrq    10     27/08/2024, 06:19
General
Target: Text File.txt
Size: 5B
Sample: 241004-bdl9pazcme
MD5: c2850ea37e0976bbb2ecc89f3a1895da
SHA1: 607a036b350db1d65291d2520ec0a0d22630eb5c
SHA256: 5fb4ba1a651bae8057ec6b5cdafc93fa7e0b7d944d6f02a4b751de4e15464def
SHA512: a3c014ca3190b6d4425654b1988ab950491e75358977c604b612c320f55b4a2978e361d0441250cfb6b8e4ec7450150fd38a83ffa3dedfa822dde84dd7c4989a
Static task: static1
Behavioral task: behavioral1
Sample: Text File.txt
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Text File.txt
- Creates new service(s)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)