General

  • Target

    9b831491d41f8a6e59ed10ce7e72caf62f40eecd7d98db1b7fa1c3f9ef5d6732N.exe

  • Size

    749KB

  • Sample

    241225-3w971sskcl

  • MD5

    e68369e17367e41717dbb16caddc9d30

  • SHA1

    f2dc50d804f963797d65eb9b06a69d38fb7fd358

  • SHA256

    9b831491d41f8a6e59ed10ce7e72caf62f40eecd7d98db1b7fa1c3f9ef5d6732

  • SHA512

    06ebcaf9ec06f95bfb76bcd685ae752c6c27a516c9b8a9c1d6752d6d46fa402866a988162a3e4163a9faed64872afbe933e6f8fcd79d551452f3d63a4bdf5fe0

  • SSDEEP

    12288:eKQbsJFJLEBMmOI7T7/BH0Cxf7377ZMhp2Wrz+91Gq3Tq0WN699y+8SAKBjvrEHM:eK+SL3mOIj/BHlf77NMhp7z01L3Tq5Ni

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks