Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2f48478d6e129ed9b142eec7b8d2063f85e8296bfbaca5a1da8ebea26e344958N
-
Size
5.0MB
-
Sample
241005-gtlkzszbjn
-
MD5
83fcb5ac7f852a8c55ecad65d83e8450
-
SHA1
72504900c20f1c186fb582867392caf31dabc545
-
SHA256
2f48478d6e129ed9b142eec7b8d2063f85e8296bfbaca5a1da8ebea26e344958
-
SHA512
1c1abc3c9d3ebbf5577090fc506513cfdcb08544a8e4e12a4f881f8db4b5c52966590a8dd4a26f8d9ceba2f26241d19f597633a1aa28fa783f56700a6db270a2
-
SSDEEP
24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII3:
Static task
static1
Behavioral task
behavioral1
Sample
2f48478d6e129ed9b142eec7b8d2063f85e8296bfbaca5a1da8ebea26e344958N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2f48478d6e129ed9b142eec7b8d2063f85e8296bfbaca5a1da8ebea26e344958N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
2f48478d6e129ed9b142eec7b8d2063f85e8296bfbaca5a1da8ebea26e344958N
-
Size
5.0MB
-
MD5
83fcb5ac7f852a8c55ecad65d83e8450
-
SHA1
72504900c20f1c186fb582867392caf31dabc545
-
SHA256
2f48478d6e129ed9b142eec7b8d2063f85e8296bfbaca5a1da8ebea26e344958
-
SHA512
1c1abc3c9d3ebbf5577090fc506513cfdcb08544a8e4e12a4f881f8db4b5c52966590a8dd4a26f8d9ceba2f26241d19f597633a1aa28fa783f56700a6db270a2
-
SSDEEP
24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII3:
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1