General
  Target: 34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315.exe
  Size: 467KB
  Sample: 241231-dmz81strgx
  MD5: be211fe64e808aa11b41265b9ef44e40
  SHA1: bd0066ba72d5ff39aba3989e2a1af6b1feb61001
  SHA256: 34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315
  SHA512: ed4f368b44c91a890f67573b588aebb37d863746273f938837d107c356bc5e4e4c03b903a803ab3fb31f5e52e7e1c49aa7d335386cb40e2e06cc15d327b25f81
  SSDEEP: 6144:4+rxvPoiHw7sQ65lZvygWnMF6kOr6ZOhm1wdZkRmxVEjPLox2xqBBgGLbSs:Prx3IsQelZvAnbRr6ZGm1wdZkIxYWj/3
Static task: static1
Behavioral task: behavioral1
  Sample: 34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315.exe
  Resource: win7-20240903-en
Malware Config
  Extracted family: sality
  C2 URLs:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
Targets
  Target: 34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315.exe
  Size: 467KB
  MD5: be211fe64e808aa11b41265b9ef44e40
  SHA1: bd0066ba72d5ff39aba3989e2a1af6b1feb61001
  SHA256: 34c3f8ac32ffff914e04e41df02d0a323fa4f6c07b9c0a4f8fbe8347b52e8315
  SHA512: ed4f368b44c91a890f67573b588aebb37d863746273f938837d107c356bc5e4e4c03b903a803ab3fb31f5e52e7e1c49aa7d335386cb40e2e06cc15d327b25f81
  SSDEEP: 6144:4+rxvPoiHw7sQ65lZvygWnMF6kOr6ZOhm1wdZkRmxVEjPLox2xqBBgGLbSs:Prx3IsQelZvAnbRr6ZGm1wdZkIxYWj/3
  Signatures:
    - Modifies firewall policy service
    - Sality family
    - ACProtect 1.3x - 1.4x DLL software (detects file using ACProtect software)
    - Loads dropped DLL
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
  Privilege Escalation
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Create or Modify System Process (1)
      Windows Service (1)
  Defense Evasion
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Impair Defenses (4)
      Disable or Modify System Firewall (1)
      Disable or Modify Tools (3)
    Modify Registry (5)