General
- Target: getapp
- Size: 82KB
- Sample: 250115-q3fwjatrfz
- MD5: 06dc29a6f0aad68bad517ac89a3055a5
- SHA1: dc61794754b62b8cdd4cc5c2ae4612ef0c11c1ef
- SHA256: edb3554e48c8e4751c020b257a0f4927b37ef4c17e244f535dd144c63618c830
- SHA512: 61018bd7285fc95d624baec2501adacc17bdb5c4e670e30b166ebf5a1f68761bfb63b453e4cd2cf1e7d0939085dde11cb2b55af6df2bc78c20fef953f697b4ac
- SSDEEP: 1536:cS+y6AIkZzK4eg9l1cp4S41n6w2XKnoeRX5p7qaHbp/c7wP:v+y6AIepgzsLRkw
- Static task: static1
- Behavioral task: behavioral1 (sample: getapp.html; resource: win10v2004-20241007-en)
Malware Config
Targets
- Target: getapp
- BadRabbit: Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
- Badrabbit family
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
- Execution
  - Command and Scripting Interpreter (1)
    - JavaScript (1)
  - Scheduled Task/Job (1)
    - Scheduled Task (1)
- Persistence
  - Event Triggered Execution (1)
    - Component Object Model Hijacking (1)
  - Pre-OS Boot (1)
    - Bootkit (1)
  - Scheduled Task/Job (1)
    - Scheduled Task (1)
- Privilege Escalation
  - Event Triggered Execution (1)
    - Component Object Model Hijacking (1)
  - Scheduled Task/Job (1)
    - Scheduled Task (1)