
Resubmissions

2025-02-09 07:36    250209-jfnjja1mgj    1

2025-02-09 07:26    250209-h9yqxszkf1    8

General

  • Target

    JJSploit

  • Size

    17KB

  • Sample

    250209-h9yqxszkf1

  • MD5

    09b931267d190f7274e330d1b280e69f

  • SHA1

    860c4819ee89ec89ebd2678ca42ec379893cf170

  • SHA256

    d97e9ad7c628bedf45ba26f1445826cd0219fb5dc1b903558d3d1e252b636b0e

  • SHA512

    d77f99a6c884e286fc62c25026f76397c1a52b19b59051845a489d5e9646f31c39cfaf2d10f3f6ac8688609f135de23e651062268bfcd6ee923013543f1826d8

  • SSDEEP

    384:TmAilU4IhGkUeUIOUeUmSEi/Li01UOUTVxWApJWDWigqWia03StSimSiYSi2jCak:TmAilU4yGkfvOflS5/u01/8xWApJingL

Malware Config

Targets

    • Target

      JJSploit


    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

Attempts to enumerate network shares and related host network information.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Detected potential entity reuse from brand GOOGLE.

    • Drops file in System32 directory
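As an added example, not tria.ge's own signature logic and not taken from this report: a small Python triage that checks registry-write events against the three persistence locations the signatures above name (Active Setup StubPath, a per-user COM server hijack, and a Browser Helper Object registration), raising the severity when the registered binary sits in a user-writable directory. The event record shape, the rule names with their ATT&CK IDs, and every event in `SAMPLE_EVENTS` are assumptions constructed for the example.

```python
"""Triage constructed registry-write events against three persistence
locations: Active Setup, per-user COM hijacking, Browser Helper Objects.
Added example; nothing here is taken from the tria.ge report."""
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RegEvent:
    hive: str   # "HKLM" or "HKCU"
    key: str    # key path below the hive, backslash separated
    value: str  # value name; "" stands for the (Default) value
    data: str   # value data as written

@dataclass(frozen=True)
class Rule:
    technique: str
    hive: Optional[str]       # None = either hive
    key_re: re.Pattern
    values: Optional[tuple]   # None = any value under the key counts

GUID = r"\{[0-9A-Fa-f-]{36}\}"

RULES = [
    # Active Setup runs StubPath once per user at the next logon (T1547.014).
    Rule("T1547.014 Active Setup StubPath", None,
         re.compile(r"^SOFTWARE\\(Wow6432Node\\)?Microsoft\\Active Setup\\Installed Components\\"
                    + GUID + r"$", re.I),
         ("StubPath",)),
    # A CLSID server registered under HKCU shadows the HKLM one for that user
    # (T1546.015). HKLM writes are ordinary installs and are not flagged.
    Rule("T1546.015 COM hijacking (per-user CLSID server)", "HKCU",
         re.compile(r"^SOFTWARE\\Classes\\CLSID\\" + GUID
                    + r"\\(InprocServer32|LocalServer32)$", re.I),
         ("",)),
    # Any key created under Browser Helper Objects makes IE load that CLSID (T1176).
    Rule("T1176 Browser Helper Object registration", None,
         re.compile(r"^SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Explorer\\"
                    r"Browser Helper Objects\\" + GUID + r"$", re.I),
         None),
]

# Directories an unprivileged process can write to; a server path here is the
# strongest hint that the key was planted rather than created by an installer.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

def triage(events):
    """Return one finding per event that matches a rule, in event order."""
    findings = []
    for ev in events:
        for rule in RULES:
            if rule.hive and ev.hive.upper() != rule.hive:
                continue
            if not rule.key_re.match(ev.key):
                continue
            if rule.values is not None and ev.value not in rule.values:
                continue
            severity = "high" if USER_WRITABLE.search(ev.data) else "medium"
            findings.append({
                "technique": rule.technique,
                "severity": severity,
                "key": f"{ev.hive}\\{ev.key}",
                "value": ev.value or "(Default)",
                "data": ev.data,
            })
    return findings

# Constructed events (assumption): three plants plus two benign writes.
SAMPLE_EVENTS = [
    RegEvent("HKLM", r"SOFTWARE\Microsoft\Active Setup\Installed Components\{12345678-ABCD-4EF0-9876-0123456789AB}",
             "StubPath", r"C:\Users\Public\update.exe"),
    RegEvent("HKCU", r"Software\Classes\CLSID\{00112233-4455-6677-8899-AABBCCDDEEFF}\InprocServer32",
             "", r"C:\Users\victim\AppData\Roaming\helper.dll"),
    RegEvent("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A1B2C3D-4E5F-6071-8293-A4B5C6D7E8F9}",
             "NoExplorer", "1"),
    RegEvent("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run",
             "OneDrive", r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"),
    RegEvent("HKLM", r"SOFTWARE\Classes\CLSID\{00112233-4455-6677-8899-AABBCCDDEEFF}\InprocServer32",
             "", r"C:\Windows\System32\shell32.dll"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['technique']}: {f['key']} {f['value']} = {f['data']}")
```

Run against the constructed events, the Run-key and HKLM CLSID writes are left alone; the Active Setup and HKCU COM writes come back as high because their targets live under Users\Public and AppData, and the BHO key registration comes back as medium because the event carries no binary path (the DLL path lives under the CLSID's InprocServer32 key, which is what the second rule watches).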

MITRE ATT&CK Enterprise v15

Tasks