General
Target: image10.exe
Size: 13.9MB
Sample: 250221-3xb2lstncl
MD5: 03c69563828abbfc9707e1adb1366854
SHA1: 9db7241c232d9b38407e105554daf86279de2d84
SHA256: 487893698387b44f643279ef376f1ce510ac8f2f15feeb0df9d71bbe099dff2e
SHA512: ed8255ac57df29a9c03d3175c4a24e19741b1e2527ac83c8f2ae40d7f1a85fe128ca11c6ec0131dc08f27c666f1a9c64ef5e9ad6d0b7b4b87f487e85b1675f60
SSDEEP: 196608:nm/lOqPnih8FXj+hYeB0sKYu/PaQhKDnO8NpHzgsAGKaRZtG7cpXtqlnRlm0ozl6:JqPnLFCjQ8DOETgsv/Gwv6nW0+rk
Behavioral task: behavioral1
Sample: image10.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: image10.exe
Resource: win10v2004-20250217-en
Malware Config
Targets
Target: image10.exe
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Event Triggered Execution (1)
        Netsh Helper DLL (1)
Privilege Escalation
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Event Triggered Execution (1)
        Netsh Helper DLL (1)
Credential Access
    Credentials from Password Stores (1)
        Credentials from Web Browsers (1)
    Unsecured Credentials (1)
        Credentials In Files (1)