General
Target: CG_Loader.exe
Size: 4.3MB
Sample: 250125-q5fcsaxjfn
MD5: c25c2a6060a71bd7707444a6f6474250
SHA1: ce8bae5c3c5cfda3b3136644abce36c14ca5acde
SHA256: 91b99f2ebbabad81a8804730e9671329bd79d4b5ccbbb22c4da2eb365da2c68c
SHA512: 1c79d92c755faff11cbb89281e49ebfbb90c86b3b7101bbf6c5c6d5349a8daa281d3e6432306d752e84a73b4a20286f763500e68100194e9e1a90edcec8b4ac4
SSDEEP: 49152:lQgouwpmfwnrF8OB6kC1C8EDoXACGVi9BXrySUWTOGyMjvLUKo+Oc:lQ9u+nRVr28DcAZ0BXr3XTTvLUKov
Static task: static1
Behavioral task: behavioral1
Sample: CG_Loader.exe
Resource: win10ltsc2021-20250113-en
Malware Config
Targets
Target: CG_Loader.exe
Size: 4.3MB
Signatures
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Windows Firewall
- Sets service image path in registry
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15 (technique, followed by the number of matching signatures)

Execution
- Command and Scripting Interpreter: 1
- System Services: 1
  - Service Execution: 1

Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 2
  - Windows Service: 2
- Event Triggered Execution: 2
  - Component Object Model Hijacking: 1
  - Netsh Helper DLL: 1

Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 2
  - Windows Service: 2
- Event Triggered Execution: 2
  - Component Object Model Hijacking: 1
  - Netsh Helper DLL: 1

Defense Evasion
- Hide Artifacts: 2
  - Hidden Files and Directories: 2
- Impair Defenses: 2
  - Disable or Modify System Firewall: 1
- Modify Registry: 1