Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d1322936eef9707b3aae7c71f2e5a81b0190710ba5ac4b7c3a845f2a7f4fafdc
-
Size
255KB
-
Sample
241014-en91aayamh
-
MD5
d298e59c984f1814754b040cedc857a0
-
SHA1
c6b5bf48d5ef8152e838927957ba215b0c5f223d
-
SHA256
d1322936eef9707b3aae7c71f2e5a81b0190710ba5ac4b7c3a845f2a7f4fafdc
-
SHA512
2dae71bc19d2a9f1c15639f9e96b3bcae6e832b08777591413622d1059e28225e13cfef07b28df6f9a4bdc8d45c81ef43fcf357248a6ee6073be896d72f13a0e
-
SSDEEP
6144:zvEN2U+T6i5LirrllHy4HUcMQY6A7290/5:zENN+T5xYrllrU7QY6WB
Malware Config
Targets
-
-
Target
d1322936eef9707b3aae7c71f2e5a81b0190710ba5ac4b7c3a845f2a7f4fafdc
-
Size
255KB
-
MD5
d298e59c984f1814754b040cedc857a0
-
SHA1
c6b5bf48d5ef8152e838927957ba215b0c5f223d
-
SHA256
d1322936eef9707b3aae7c71f2e5a81b0190710ba5ac4b7c3a845f2a7f4fafdc
-
SHA512
2dae71bc19d2a9f1c15639f9e96b3bcae6e832b08777591413622d1059e28225e13cfef07b28df6f9a4bdc8d45c81ef43fcf357248a6ee6073be896d72f13a0e
-
SSDEEP
6144:zvEN2U+T6i5LirrllHy4HUcMQY6A7290/5:zENN+T5xYrllrU7QY6WB
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4