Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
01/03/2025, 12:05
250301-n9ewpszxft 1001/03/2025, 12:02
250301-n7vjda1mv9 801/03/2025, 12:00
250301-n6askszwhw 1001/03/2025, 11:57
250301-n4qe9a1lw5 801/03/2025, 11:54
250301-n246mazwby 801/03/2025, 11:51
250301-n1j43a1kx6 1001/03/2025, 11:48
250301-nyxmda1kt4 601/03/2025, 11:46
250301-nxbzaa1jz4 10General
-
Target
https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye
-
Sample
250301-n9ewpszxft
Malware Config
Targets
-
-
Target
https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye
Score10/10-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
Modifies Windows Defender Real-time Protection settings
-
Troldesh family
-
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
-
UAC bypass
-
mimikatz is an open source tool to dump credentials on Windows
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Downloads MZ/PE file
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies WinLogon
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Hide Artifacts: Hidden Users
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Users
1Impair Defenses
2Disable or Modify Tools
2Modify Registry
5Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1