Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Precedenti...ti.exe

windows11-21h2-x64

10

msimg32.dll

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Precedenti di violazione dei contenuti.zip

  • Size

    206.1MB

  • Sample

    250107-jxd2estndj

  • MD5

    7defc67225f6b4a41ed4d00f9a2407ee

  • SHA1

    34a17225489aa33180aeaeaaef25c3e1b6fe28ee

  • SHA256

    8d851febf33307b4b35fe57611cabd1a852c2b3c33990a17c6808cad84e969b2

  • SHA512

    6da102b4c1bc5763b61f352df7de8305f157fc1bb51d17cd08fa8b962b410e422962edaecb66ad0614a59ce254f1bf3c376e2a38848308f871765e8d4efc0710

  • SSDEEP

    6291456:PVP4+nzKvx+MXydr5d+PedEboT2pvUuup/emS1C1h:tg2Kfcd/WboTuup//ICT

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      Precedenti di violazione dei contenuti.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    Score
    10/10
    discoverypersistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence
    behavioral1

    • Target

      msimg32.dll

    • Size

      31.4MB

    • MD5

      89251cc68b1e4f944c70bf906911ecae

    • SHA1

      98b65fccf300e4a85575f1a62e7b3bc54ef0b910

    • SHA256

      4a80e0e5d4822b96fb9bd71c0f82bafad1661828af2d7004d4429ffa3b9ef6d2

    • SHA512

      41be121404640198bb1bb21a13e294b658d7f08a8f70747b9ca115c229a288aba61fa58d776c845e46e0bb5f3be40a6e7cf5bd491a0688df2d5cb86fb53176aa

    • SSDEEP

      393216:Ue3INPM39bBqsr7+0Xx93by0WWZ2z8BCBkYplJIdqaw:UeYNM39bBFrVx93bdZ2k8Odqaw

    Score
    10/10
    discoverypersistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks