Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
93e2a35b38141a0fd253002dfa618f132fe66c1078e6d6037923e0bc9b2b4ab9.exe
-
Size
65KB
-
Sample
250202-el5msawmbj
-
MD5
eb1e55ad29cf0c61d345f5cd43cfc981
-
SHA1
e5cdab866d62b06df70538fa5def7546b4018b92
-
SHA256
93e2a35b38141a0fd253002dfa618f132fe66c1078e6d6037923e0bc9b2b4ab9
-
SHA512
7d2a3ee71139040c2a5c82b462877255105dbb5673bf86321a44c034cdeaf23f0ed90306ea449c922cb0731888baa77a4649f0f690e27c912492c09eaa9a0616
-
SSDEEP
1536:5KwQdh7YOFD49r0TV0+dmqrayqpihZrWy1ZCoX:gwQdqmcJ0h7wqXZrhZjX
Static task
static1
Behavioral task
behavioral1
Sample
93e2a35b38141a0fd253002dfa618f132fe66c1078e6d6037923e0bc9b2b4ab9.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
93e2a35b38141a0fd253002dfa618f132fe66c1078e6d6037923e0bc9b2b4ab9.exe
-
Size
65KB
-
MD5
eb1e55ad29cf0c61d345f5cd43cfc981
-
SHA1
e5cdab866d62b06df70538fa5def7546b4018b92
-
SHA256
93e2a35b38141a0fd253002dfa618f132fe66c1078e6d6037923e0bc9b2b4ab9
-
SHA512
7d2a3ee71139040c2a5c82b462877255105dbb5673bf86321a44c034cdeaf23f0ed90306ea449c922cb0731888baa77a4649f0f690e27c912492c09eaa9a0616
-
SSDEEP
1536:5KwQdh7YOFD49r0TV0+dmqrayqpihZrWy1ZCoX:gwQdqmcJ0h7wqXZrhZjX
-
Modifies firewall policy service
-
Sality family
-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5