Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Bootstrapper.exe

windows10-ltsc_2021-x64

10

�ܪ�c�t.pyc

windows10-ltsc_2021-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bootstrapper.exe

  • Size

    6.0MB

  • Sample

    250326-lmqzcawnw4

  • MD5

    11b54758047802a8525dfaacc52a1ae6

  • SHA1

    3ddaae76167563d27f35036e566969ae0e986800

  • SHA256

    4abee42e011a5989fe25cc72662149f00097cb072092f24bcc3f214c2f26f5ec

  • SHA512

    d865237410dc005e61cebfd4acc9ec9b477ab9e5d59acfd7cb9b56615d0a826bc8611c553cf1c94ed67297fa35ff0ea7a8a58d11d57cae443c602008dc82e44a

  • SSDEEP

    98304:iWmEtdFBcQ6amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RfPM3x/RMDVYj:iWFFlTeN/FJMIDJf0gsAGK4Rfk3kDVYj

Score
10/10
blankgrabberdefense_evasiondiscoveryexecutionupx

Malware Config

Targets

    • Target

      Bootstrapper.exe

    • Size

      6.0MB

    • MD5

      11b54758047802a8525dfaacc52a1ae6

    • SHA1

      3ddaae76167563d27f35036e566969ae0e986800

    • SHA256

      4abee42e011a5989fe25cc72662149f00097cb072092f24bcc3f214c2f26f5ec

    • SHA512

      d865237410dc005e61cebfd4acc9ec9b477ab9e5d59acfd7cb9b56615d0a826bc8611c553cf1c94ed67297fa35ff0ea7a8a58d11d57cae443c602008dc82e44a

    • SSDEEP

      98304:iWmEtdFBcQ6amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RfPM3x/RMDVYj:iWFFlTeN/FJMIDJf0gsAGK4Rfk3kDVYj

    Score
    10/10
    defense_evasiondiscoveryexecutionupx

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      defense_evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

    • Target

      �ܪ�c�t.pyc

    • Size

      857B

    • MD5

      91efd68763a664f8a4c3b917272d6253

    • SHA1

      5a682d972401a899b73a5cdd1dd67bfdb1d4799c

    • SHA256

      305cb7c30bb9ef57c75a832f24e2bd1c064ea5dd49c56f1fbfedd907449574a8

    • SHA512

      f8bce932026d15aec5772e71ed130497e48f25aff6ed43a8dd244d85b630aa669f2b0891b448a5ea6759a0d797c01c0caea013958b38678b6205d050dfb30803

    Score
    1/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks