General
- Target: 4e1919969760e7f9b30e30dc751f3e3f17cad17345a34f8dc5ae88f576ba8f3cN.exe
- Size: 120KB
- Sample: 241210-sy3wlstpfq
- MD5: 849642da0ca58f0b338ff101c7e813d0
- SHA1: 6f841f89ed15c5e73ef79bcc07056f1d5f3a8640
- SHA256: 4e1919969760e7f9b30e30dc751f3e3f17cad17345a34f8dc5ae88f576ba8f3c
- SHA512: 9a3d037fd6d0cf8e9ee4e4e6ffbaefaa4843b9446040eb22e61862d7573654c70f064097e742b6a79c7f514581e3b3edd6cc51e8259ea98b02b28515d1cc643c
- SSDEEP: 1536:wAIUPIU68VHeJSlIoj01+jc1E6X5BLE3gLMD6KZmM45EKxM8T854wIoBMM52:QU68ISlIoo13XTE31OOmMWNM2IIouB
Static task: static1
Behavioral task: behavioral1
- Sample: 4e1919969760e7f9b30e30dc751f3e3f17cad17345a34f8dc5ae88f576ba8f3cN.dll
- Resource: win7-20240903-en
Malware Config
Extracted family: sality
Extracted URLs:
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)