General

  • Target

    856c3df7946ae567388eb3ed1612e4b2e17003ce6d140515f3f0ae7f554b4c7eN.exe

  • Size

    37KB

  • Sample

    241130-fsrvyaylej

  • MD5

    47dcb0f1b08280a3a86de547be9e61a0

  • SHA1

    91fc0d6001de4442200fd844d97ad1742ef8ab5c

  • SHA256

    856c3df7946ae567388eb3ed1612e4b2e17003ce6d140515f3f0ae7f554b4c7e

  • SHA512

    767c1e78d1c2670a35cdd2b0389bd0971af22b62d01b8c29c99114815da5e595f5938ee6333f401bc820bfdbb50907916d37e575baf9a83a14afc9a13cb56e41

  • SSDEEP

    768:sIUomGz54SKEv7DltPkvgpREnOZGwXNiOA9uce7ezbB2ZLo5f1zRHf7CLQw53AIY:saKvEbPkvgAZCNQQceUl

Targets

    • Target

      856c3df7946ae567388eb3ed1612e4b2e17003ce6d140515f3f0ae7f554b4c7eN.exe

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Indicator Removal: Clear Persistence

      Removes Image File Execution Options (IFEO) entries.

    • Modifies WinLogon

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
