General
Target: test.bat
Size: 532B
Sample: 250305-1mx5zs1jv5
MD5: 31c1a3b7ca1a53b2329747710c4f453a
SHA1: 097e4cf654f0edc37ae66eca54aa349bec94bb54
SHA256: 816666326e1e0d9a58c505bad1bb94b882dab6edf9ec4ccbe0ae5674ebf95f96
SHA512: 1168f9e47eaf20e4dfad632344cc3d536f03eee556c42015dc4e82684dbb605cbe556002ff5ebe1ea3e53987cd09720fcec6ef9a578b1379035d92e219b3627c
Static task: static1
Behavioral task: behavioral1
Sample: test.bat
Resource: win10ltsc2021-20250217-en
Malware Config
Targets
Target: test.bat
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
Badrabbit family
-
Modifies WinLogon for persistence
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Pre-OS Boot: 1
    Bootkit: 1
  Scheduled Task/Job: 1
    Scheduled Task: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Scheduled Task/Job: 1
    Scheduled Task: 1
Defense Evasion
  Impair Defenses: 1
    Safe Mode Boot: 1
  Modify Registry: 3
  Pre-OS Boot: 1
    Bootkit: 1