Resubmissions

04/10/2024, 12:49

241004-p2q5favdjk 10

04/10/2024, 12:45

241004-py4w5ayflh 8

General

  • Target

    fox X vynla.exe

  • Size

    195KB

  • Sample

    241004-p2q5favdjk

  • MD5

    e07a79dfb6409358299b6952600f2552

  • SHA1

    b73413c974ac6a74b04954fced09648a2b4da5a3

  • SHA256

    5f69bc66b594f45abd8c36f4b32ccd4c27b5e3d909927c61e4d0bb29553d8e92

  • SHA512

    682dd7416d9f97c2f7241473b2c70cd32cb708d4a738d76737c185d6d0d3a7ee459a874845d12782a88eb1fe1c1d90a2304c675006920918389dfa7777b7be2b

  • SSDEEP

    768:oFmbYc2FNAQBA9WFydBmu0zbbj0mxds+sY3X/J+k6tB:oFmyNAQBCyLj0m5F4lt

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops desktop.ini file(s)

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks