General
- Target: google-chrome-26-0-1410-5-dev-26.0.1410.5_chrome_installer.exe
- Size: 31.4MB
- Sample: 241025-y9z7ra1qel
- MD5: 95183396a1038d95304556635fa40b7f
- SHA1: a8b36d990fa6a389ce64860f0f9f49a0d1be86e4
- SHA256: 5206961fd8041dff18a4f9cd23ed7540756522280768da8ff6b9f455ea9383a8
- SHA512: 52ea993ada1deecc915fe1765c2fe9591a18539ca4056d9e3be3f2e5c69b20064e2fcb3d2d733d1475512d9b5e460f40951972da31b7cb02a75e5b5789db6897
- SSDEEP: 786432:t9wXGyFvS4YEk9S5xb9QGO1g9PoPUgUYUC5nczTiM:MGy9S4oYbhjijTUvC5czTiM
Static task: static1
Behavioral task: behavioral1
- Sample: google-chrome-26-0-1410-5-dev-26.0.1410.5_chrome_installer.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: google-chrome-26-0-1410-5-dev-26.0.1410.5_chrome_installer.exe
- Size: 31.4MB
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)