General

  • Target

    Screenshot 2025-01-22 09.46.35.png

  • Size

    48KB

  • Sample

    250213-m8s69sxpay

  • MD5

    2ebc0dbca728bb3136a053f47cccd4fd

  • SHA1

    f3ab1643e3e45df2ebc233449979a6a349a25593

  • SHA256

    fa8500b738175f66186567ab06496fbbb3fbd4ce0740bc76ae989f167fc0910f

  • SHA512

    d53a944c7176bc54615de69a249a8d1848621cdeaae399bbf239fe11b51da4d10581e011209cacce8f720abc28b8dc38413728f2ca48d6ab4969666e26051b3d

  • SSDEEP

    1536:8SwQhG5Wo1hmOpxwiXLIJIaReWS9n9BGb:8S85WoxJb8nSV/Gb

Malware Config

Targets

    • Target

      Screenshot 2025-01-22 09.46.35.png

    • Size and hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above; the analyzed target is the submitted file itself.

    • Detected Google phishing page

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before continuing execution.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are COM DLL modules that Internet Explorer loads in-process as plug-ins at startup.

    • Drops file in System32 directory
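
The registry-based signatures above (Active Setup, COM hijacking, Browser Helper Object, the UAC and location lookups) all map to well-known registry locations, so an analyst who wants to check whether a host has the same kind of persistence can enumerate those locations directly. The following PowerShell script is an added triage helper written for this page; it is not tria.ge code and does not come from the report. The registry paths are the standard Windows locations for each mechanism; the Add-Finding and Get-DefaultValue helper functions are this example's own.

```powershell
# Added triage helper (not tria.ge code): enumerate on a live Windows host the
# registry locations behind the report's Active Setup, COM hijacking and BHO
# signatures, and read the two keys the sample queries for its environment checks.
# Run from an elevated PowerShell prompt; the HKCU checks cover the current user only.

$findings = New-Object System.Collections.Generic.List[object]

# Helper defined for this example: append one row to the findings table.
function Add-Finding($Technique, $Key, $Value) {
    $findings.Add([pscustomobject]@{ Technique = $Technique; Key = $Key; Value = $Value })
}

# Helper defined for this example: default (unnamed) value of a key, or $null if absent.
function Get-DefaultValue($Path) {
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' } else { $null }
}

# Boot or Logon Autostart Execution: Active Setup (ATT&CK T1547.014).
# At logon, every component here whose GUID is missing from the user's HKCU copy
# (or has a higher Version than it) has its StubPath executed once for that user.
$activeSetupRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($root in $activeSetupRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub) { Add-Finding 'Active Setup' $_.PSPath $stub }
    }
}

# Event Triggered Execution: COM hijacking (ATT&CK T1546.015).
# COM resolves HKCU\Software\Classes before HKLM\SOFTWARE\Classes for medium-integrity
# processes, so a CLSID whose per-user InprocServer32 differs from (or has no)
# machine-wide counterpart is a hijack candidate.
Get-ChildItem -Path 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid   = $_.PSChildName
    $userDll = Get-DefaultValue "HKCU:\Software\Classes\CLSID\$clsid\InprocServer32"
    if (-not $userDll) { return }
    $machDll = Get-DefaultValue "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
    if (-not $machDll) {
        Add-Finding 'COM (HKCU-only CLSID)' $clsid $userDll
    } elseif ($machDll -ne $userDll) {
        Add-Finding 'COM hijack candidate' $clsid "$userDll (HKLM: $machDll)"
    }
}

# Browser Helper Objects: Internet Explorer loads the InprocServer32 DLL of every
# CLSID registered under these keys.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($root in $bhoRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $dll = Get-DefaultValue "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        if (-not $dll) { $dll = Get-DefaultValue "HKCU:\Software\Classes\CLSID\$clsid\InprocServer32" }
        Add-Finding 'BHO' $clsid $dll
    }
}

# Keys the sample reads for its environment checks. These are not persistence,
# but they show what the geofence and UAC decisions were based on.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
Add-Finding 'UAC enabled (EnableLUA)' $policyKey $policy.EnableLUA

$geoKey = 'HKCU:\Control Panel\International\Geo'
$geo    = Get-ItemProperty -Path $geoKey -ErrorAction SilentlyContinue
Add-Finding 'Location (GEOID Nation)' $geoKey $geo.Nation

$findings | Sort-Object Technique | Format-Table -AutoSize -Wrap
```

Two caveats when reading the output: the HKCU results only describe the user the script runs as, so on a shared host run it under each profile (or load the other users' NTUSER.DAT hives), and a per-user COM registration is ignored by elevated (high-integrity) processes, so an HKCU hijack only fires in medium-integrity processes that instantiate that CLSID.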

MITRE ATT&CK Enterprise v15

Tasks