General
Target: 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN
Size: 1.2MB
Sample: 241025-2fvxqawame
MD5: 52020fb713143f15456da51e4d895970
SHA1: 29857a25ca0915011ea8fea0c58c85ecbbe13894
SHA256: 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578d
SHA512: ba9956edd06bc1738817454f9dcd2b6588a44107e7ec825a31e5c0e57d450a966f228ce106bef10bfccc4ecf86e40e7f6378f343359a52618e7e930dfa1cb461
SSDEEP: 12288:qIIIx/30YdPHz982Vm8540sIIIIIIIIIIIs:qIIIx/3FPHzK8m0sIIIIIIIIIIIs
Static task: static1
Behavioral task: behavioral1
Sample: 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN
Score: 10/10
Modifies WinLogon for persistence
Drops file in Drivers directory
Drops startup file
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)