General

  • Target

    built.exe

  • Size

    8.3MB

  • Sample

    241009-zsc7bsybmb

  • MD5

    6e2668a6fe1448dd9a4bb6636e4eaf9e

  • SHA1

    947f1db5b80e1c70a075f09a8c540352dfedbf78

  • SHA256

    1efa756a38ef52f02ab9a094e207e3b79b9dea2e50225cf1af8995427a4b8f0b

  • SHA512

    542cb59afa5575c4a1af348f63e5bfd5a8dfc776646deb002e49e6381c04e28f9e40358cf68b6a2495dbc18cb73768bd3bffe54160146e2b2d8a8ef1684accf6

  • SSDEEP

    196608:qe1uY4wfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/jV:PpIHziK1piXLGVE4UrS0VJx

Targets

    • Target

      built.exe

    • Size

      8.3MB

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
