General

Target: c54e9b087a5a42a3d0712efacb56dac279316c3a2a3a52f664dcb115d9cb070e.exe
Size: 120KB
Sample: 241210-g3y8fa1mgq
MD5: 16336963acc0f729320b3e53094d6d77
SHA1: 5db34a7ac61a3d14421576e4347aa98e31d02aec
SHA256: c54e9b087a5a42a3d0712efacb56dac279316c3a2a3a52f664dcb115d9cb070e
SHA512: 601054d7229e6132ae9a63fa963b09f9d30c887b89cdc25bfba87d1c026853e835971fd2c4cb79c0c4f6fa2c3d53a67576f020b60259a98e1ee91500c6040c65
SSDEEP: 3072:o0T5hEPnV9P2VgKqrKw9ifZ7fyV6Uv7uwU8Oj:o25hwnTBevoUvj
Static task: static1
Behavioral task: behavioral1
  Sample: c54e9b087a5a42a3d0712efacb56dac279316c3a2a3a52f664dcb115d9cb070e.dll
  Resource: win7-20240903-en
Malware Config

Extracted
  Family: sality
  URLs:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
Targets

Target: c54e9b087a5a42a3d0712efacb56dac279316c3a2a3a52f664dcb115d9cb070e.exe (120KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
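The signature names above are tria.ge's labels for behaviour observed in the sandbox run. One way to reproduce three of them (dropped EXE executed, dropped DLL loaded, firewall policy modified) from host telemetry is to correlate Sysmon events: a FileCreate (event 11) for a path that later shows up in a ProcessCreate (event 1) or ImageLoad (event 7), and a registry value set (event 13) under the Windows Firewall policy key of the SharedAccess service. The script below is an added example, not tria.ge's detection code and not output from this report's run; the event records, paths and PIDs in it are constructed, and the only real Windows detail it relies on is the location of the per-profile `FirewallPolicy` key.

```python
"""Correlate Sysmon-style events into the behaviour tags listed above.

Added triage example, not tria.ge's code and not taken from the report's run.
The event records are constructed (paths, PIDs and values are made up); the
only real Windows detail is that the per-profile Windows Firewall policy lives
under the SharedAccess service key.
"""
import re

# Per-profile Windows Firewall policy key. Setting EnableFirewall to 0 under a
# profile turns that profile's firewall off, which is the behaviour behind
# "Modifies firewall policy service" / "Disable or Modify System Firewall".
FIREWALL_POLICY = re.compile(
    r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\"
    r"(?:DomainProfile|StandardProfile|PublicProfile)\\EnableFirewall$",
    re.IGNORECASE,
)


def correlate(events):
    """Return {rule_name: [evidence, ...]} for every rule that fired.

    events: iterable of dicts with Sysmon-like keys. EventID 1 = ProcessCreate,
    7 = ImageLoad, 11 = FileCreate, 13 = RegistryEvent (value set). Order
    matters: a file only counts as "dropped" once its FileCreate has been seen.
    """
    hits = {}
    dropped = {}  # lower-cased path of a created file -> image that wrote it

    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 1:
            img = ev["Image"].lower()
            if img.endswith(".exe") and img in dropped:
                hits.setdefault("executes_dropped_exe", []).append(
                    f"{dropped[img]} wrote {ev['Image']}, which was then executed")
        elif eid == 7:
            dll = ev["ImageLoaded"].lower()
            if dll.endswith(".dll") and dll in dropped:
                hits.setdefault("loads_dropped_dll", []).append(
                    f"{ev['Image']} loaded dropped {ev['ImageLoaded']}")
        elif eid == 13:
            target = ev["TargetObject"]
            # Sysmon renders DWORD values as "DWORD (0x00000000)".
            if FIREWALL_POLICY.search(target) and ev["Details"].endswith("(0x00000000)"):
                hits.setdefault("modifies_firewall_policy", []).append(
                    f"{ev['Image']} set {target} = {ev['Details']}")
    return hits


# Constructed event stream: a sample drops an EXE and a DLL into %TEMP%, runs
# the EXE, which loads the DLL and disables the StandardProfile firewall. The
# last record is a benign explorer.exe registry write that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\sample.exe", "ProcessId": 1234},
    {"EventID": 11, "Image": r"C:\Users\user\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\winhlp.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\winhlp.exe",
     "ProcessId": 2345},
    {"EventID": 7, "Image": r"C:\Users\user\AppData\Local\Temp\winhlp.exe",
     "ImageLoaded": r"C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\winhlp.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion"
                     r"\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for rule, evidence in sorted(correlate(SAMPLE_EVENTS).items()):
        print(rule)
        for line in evidence:
            print("   ", line)
```

The dropped-file rules deliberately key on the full path rather than on a "suspicious directory" list, so a legitimate installer that writes and runs its own helper will also fire; treat the output as triage evidence to read alongside the report's other signatures, not as a verdict on its own.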
-
MITRE ATT&CK Enterprise v15

Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
Defense Evasion
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Impair Defenses (T1562): 4
    Disable or Modify System Firewall (T1562.004): 1
    Disable or Modify Tools (T1562.001): 3
  Modify Registry (T1112): 5