Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Screenshot 2025-01-22 09.46.35.png
-
Size
48KB
-
Sample
250213-m8s69sxpay
-
MD5
2ebc0dbca728bb3136a053f47cccd4fd
-
SHA1
f3ab1643e3e45df2ebc233449979a6a349a25593
-
SHA256
fa8500b738175f66186567ab06496fbbb3fbd4ce0740bc76ae989f167fc0910f
-
SHA512
d53a944c7176bc54615de69a249a8d1848621cdeaae399bbf239fe11b51da4d10581e011209cacce8f720abc28b8dc38413728f2ca48d6ab4969666e26051b3d
-
SSDEEP
1536:8SwQhG5Wo1hmOpxwiXLIJIaReWS9n9BGb:8S85WoxJb8nSV/Gb
Static task
static1
Behavioral task
behavioral1
Sample
Screenshot 2025-01-22 09.46.35.png
Resource
win10v2004-20250211-en
Malware Config
Targets
-
-
Target
Screenshot 2025-01-22 09.46.35.png
-
Size
48KB
-
MD5
2ebc0dbca728bb3136a053f47cccd4fd
-
SHA1
f3ab1643e3e45df2ebc233449979a6a349a25593
-
SHA256
fa8500b738175f66186567ab06496fbbb3fbd4ce0740bc76ae989f167fc0910f
-
SHA512
d53a944c7176bc54615de69a249a8d1848621cdeaae399bbf239fe11b51da4d10581e011209cacce8f720abc28b8dc38413728f2ca48d6ab4969666e26051b3d
-
SSDEEP
1536:8SwQhG5Wo1hmOpxwiXLIJIaReWS9n9BGb:8S85WoxJb8nSV/Gb
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1