General

  • Target: ULTIMAETWEAKS.bat
  • Size: 327KB
  • Sample: 241012-1a4r1ascle
  • MD5: 43f991542bfd805265ecc165181c75f9
  • SHA1: a2e2a288c3a7f7ebaa3b574726f76c51bea28089
  • SHA256: 3c5d98a65179347fcd3df1de1c5c125c8dac4290e180b0cb3ec6f02d79232c6f
  • SHA512: 67f5ff87cec713a52095cdd430001476f59c0e6cd59aa22d50afd8b2b756801dd7ecc72cae9b8d511126f2f8a482c9f6946ab7b6e913d750d15961e2674ee9b1
  • SSDEEP: 1536:WQgYm+bChbCFACzAC3rbwP+yVd+ipHD/EEUmjNG0H0QcFlV4S0v:VRbmbkAqAyhiV7EElcFlV4S0v

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Disables taskbar notifications via registry modification

    • Possible privilege escalation attempt

    • Server Software Component: Terminal Services DLL

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory
