General
Target: 0005fccb19fae2cf4df979e86c8165111ef686e3354934ca5400d3b7a474abdeN.exe
Size: 120KB
Sample: 241220-by65lawjhx
MD5: 072850072997a7e56dfb84cf7f3d2300
SHA1: f8fd931a1516339b6e5f11fcade29865fd5cd2da
SHA256: 0005fccb19fae2cf4df979e86c8165111ef686e3354934ca5400d3b7a474abde
SHA512: ed500e12b9c9d3f1ab9205b75ff624bc681809efed36cd2b43fa3223275e4631826711e328df5afe4a4cabb3e5b18268738f603ea03706e9f30c91da9f462dc3
SSDEEP: 1536:P+NqEkM2KHKP6+J1bm/xvXOUbWuMLtrl8CVPEllffAAIYiwvzTIryGDf8dIofyx:PxX8HG6S1S/x2/fVqCAIxazcrt4mofC

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 0005fccb19fae2cf4df979e86c8165111ef686e3354934ca5400d3b7a474abdeN.dll
  Resource: win7-20240903-en
Malware Config
Extracted family: sality
C2 URLs:
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
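The hashes under General and the four C2 URLs in the extracted config are the indicators a responder actually reuses from a report like this. The block below is an added example, not part of the tria.ge report: it copies those indicators verbatim, hashes an arbitrary file with the same four digests so a local copy can be confirmed against the report, and scans proxy-log lines for requests to the Sality C2 hosts. The proxy-log lines are constructed for the example (a loose Squid-like layout), and the function names are the author's own. Matching is done on hostname rather than full URL on purpose: the path (/testo5/, /home.gif) is the part most likely to vary, while the host set is the indicator the config actually fixes.

```python
"""Turn the report's static and network indicators into two checks.

Added example; not code from the tria.ge report. The hashes and URLs are
copied from the report, the proxy-log lines are constructed here.
"""
import hashlib
from urllib.parse import urlparse

# Digests of the submitted sample, as listed under General in the report.
REPORT_HASHES = {
    "md5": "072850072997a7e56dfb84cf7f3d2300",
    "sha1": "f8fd931a1516339b6e5f11fcade29865fd5cd2da",
    "sha256": "0005fccb19fae2cf4df979e86c8165111ef686e3354934ca5400d3b7a474abde",
    "sha512": "ed500e12b9c9d3f1ab9205b75ff624bc681809efed36cd2b43fa3223275e4631"
              "826711e328df5afe4a4cabb3e5b18268738f603ea03706e9f30c91da9f462dc3",
}

# Sality C2 URLs from the extracted config; the host set is what we match on.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]
SALITY_HOSTS = {urlparse(u).hostname for u in SALITY_URLS}


def hash_bytes(data: bytes) -> dict:
    """Return the same four digests the report lists, for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (one read pass, any size)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(hashes: dict) -> bool:
    """True only if every digest agrees with the report; one mismatch means a different file."""
    return all(hashes.get(name) == value for name, value in REPORT_HASHES.items())


def scan_proxy_log(lines):
    """Return (line_no, host, url) for every request whose host is a Sality C2 host.

    Tokens are treated as URLs only if they contain '://', so timestamps, client
    IPs and status codes in the same line are never parsed as hosts.
    """
    hits = []
    for line_no, line in enumerate(lines, 1):
        for token in line.split():
            if "://" not in token:
                continue
            host = urlparse(token).hostname  # lower-cased by urlparse
            if host and host in SALITY_HOSTS:
                hits.append((line_no, host, token))
    return hits


# Constructed proxy-log lines for the example (not from the report or any real capture).
SAMPLE_PROXY_LOG = [
    "1734700001.123 10.0.0.5 GET http://www.example.com/index.html 200",
    "1734700002.456 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "1734700003.789 10.0.0.7 GET http://89.119.67.154/testo5/ 404",
    # Same C2 domain, different path: still a hit because we match on host.
    "1734700004.012 10.0.0.5 GET http://kukutrustnet888.info/favicon.ico 200",
]

if __name__ == "__main__":
    for line_no, host, url in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: C2 host {host} ({url})")
    # To confirm a local copy of the sample: matches_report(hash_file("sample.bin"))
```

SSDEEP is deliberately left out: it is not in the standard library (the `ppdeep` or `ssdeep` packages provide it), and a fuzzy-hash similarity score is a different kind of evidence from an exact digest match, so it should not be folded into `matches_report`.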
Targets
Target: 0005fccb19fae2cf4df979e86c8165111ef686e3354934ca5400d3b7a474abdeN.exe (120KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures triggered:
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1)
  - Windows Service, T1543.003 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (4)
  - Disable or Modify System Firewall, T1562.004 (1)
  - Disable or Modify Tools, T1562.001 (3)
- Modify Registry, T1112 (5)