General
  Target: Built.exe
  Size: 8.2MB
  Sample: 250125-tj2kns1qhq
  MD5: d2387c7f80bf427bd3431d584e9c977e
  SHA1: fb1831c5c4aaf095fdbdd0091db84a0837fd8864
  SHA256: 5753c3c61f5b600aa02d4550516cf6309c6c1798cc0aab364bd7d7f422860485
  SHA512: 17128e023635f7733740be71fbbda149124da4c26bfa634fb277ea886ef711b0909f3d94e7167814b3177ea3e3ca79c8d360509c283eea81bfea4b16510786b9
  SSDEEP: 196608:4xY0cDxJ1z39Ljv+bhqNVoBKUh8mz4Iv9PNXCEHt4IhI:yi31z3FL+9qz8/b4ILyEGIhI
Behavioral task: behavioral1
  Sample: Built.exe
  Resource: win10ltsc2021-20250113-en
Malware Config
Targets
  Target: Built.exe (8.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
  - Deletes Windows Defender Definitions: Uses mpcmdrun utility to delete all AV definitions.
  - Drops file in Drivers directory
  - Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  - Executes dropped EXE
  - Loads dropped DLL
  - Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Legitimate hosting services abused for malware hosting/C2
  - Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  - Obfuscated Files or Information: Command Obfuscation: Adversaries may obfuscate content during command execution to impede detection.
  - Enumerates processes with tasklist
  - Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15 (technique: hit count)
  Defense Evasion
    Hide Artifacts: 2
      Hidden Files and Directories: 2
    Impair Defenses: 1
    Obfuscated Files or Information: 1
      Command Obfuscation: 1
  Credential Access
    Credentials from Password Stores: 1
      Credentials from Web Browsers: 1
    Unsecured Credentials: 3
      Credentials In Files: 3