General
-
Target
db6335cd97bfb7827eef58389406da34_JaffaCakes118
-
Size
449KB
-
Sample
241209-y7m5eaznav
-
MD5
db6335cd97bfb7827eef58389406da34
-
SHA1
bf890f4796b84b0a43b52e14cb176cbfb6824b99
-
SHA256
e3a7576bcf3c4dbe622fee504f227b9277464a2052ec949f152da4217149f0ce
-
SHA512
e803210608f6093b373d1f2cf2519a8a327ca008c506dab10854963302c0a8ac381ce13992d6c5813aef84dd9b3c0fb508f5501bd535977d70618327d222e314
-
SSDEEP
12288:lxUI/vUesMeC+IuUZXkqG6zuNyYyPVTmCZFAbW:lxUovUeT+XUZXFuNyYyhHAy
Static task
static1
Behavioral task
behavioral1
Sample
conhost.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
conhost.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
csrss.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
csrss.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
dwm.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
dwm.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
conhost.txt
-
Size
170KB
-
MD5
7ac38de1d2bbed88a7a11e015d12a2a6
-
SHA1
661e558267e5b301e0df29e88ff12a3d783353d7
-
SHA256
81ba9b2a1b6cb4955eaa2e98181c0857f5debadf0c2c5db6c73edbebbf5a61ae
-
SHA512
c02a29345ea4898f5f0b98b3f08558adb0e9cfd681ff1be1979a672005f83107f8b1ede6623719fd9417fb9e8ed42ff9ceac10060ef360a7818959feaef94906
-
SSDEEP
3072:+YahorLVDXDnvSUldxcNsplALB+VvcS2lagG2ranXx/WU5kqlZJ5tV4fd6hRH:+Do3VDfZcOLAF+Vv2wH2raXpWy5rVwy
-
Cycbot family
-
Detects Cycbot payload
Cycbot is a backdoor and trojan written in C++.
-
Adds Run key to start application
-
-
-
Target
csrss.txt
-
Size
192KB
-
MD5
864a00dc8fb5fa5e012db37c02bc7885
-
SHA1
53e852f83632668b9d20a43014dce5e13b1ce9c9
-
SHA256
c1139525258f7bb519b02a7969a5c1a3494c084b73e3bbb7cda82587237a7cfe
-
SHA512
37b7bd106ef023eaf2de0e7fee16439db360e162bf33e6308c726cae26350785577f38eca2637f4853000fb7ffeef94e1671a0918d3f6edabd866d7e0550d9c7
-
SSDEEP
3072:eJ0idJvZLj1PC6XdOjQ93uoRCMqimiFCUoaN0CZSQBc5T+B7blSH70f0nA:9iDZLj1aAQjExnaQCHHQBcYR8H4g
-
Cycbot family
-
Detects Cycbot payload
Cycbot is a backdoor and trojan written in C++.
-
-
-
Target
dwm.txt
-
Size
176KB
-
MD5
e767c8cc82455adeb3449c6f4b52eecf
-
SHA1
96ae33d589e81d7732bddd480165712e593619a6
-
SHA256
ab1bc691bfbe5f8bb76938bcf024678dc8505dcd4c0cc811d6db5eb0f5174537
-
SHA512
914192a5c92c1aac13d3e726ba7c512dc8cd8f34b98809b1d56ada8382f3e39219cd043404472e02e98ceb590d3a0456d76c051edaa19e9cf0e15f6e23f4398a
-
SSDEEP
3072:ZyMyARFdjQh68vOj+OdgHzMC5oWQWqGbItt7QPL+aD1L4K:ZyMy68Q+OdqZoWzbktJQzXD1kK
-
Cycbot family
-
Detects Cycbot payload
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1