General
Target: uhard.dat
Size: 14.0MB
Sample: 250328-lta7gat1dx
MD5: 1ab2548e89e865f83bce578b8aff8512
SHA1: 1b451945f85137e38afcc183b26bb65aa2079b93
SHA256: 5c83ef5c137cd2ad8d898b27acbac09a5f218a105aaecf39dc364df837f11d6d
SHA512: f34fa46b08f90b9c5bc3a1b46d20f28118d19f1cfc26847f08a42d28046dadf407d2d04bacc0ffd49ea222eb64123cb360d63b68083a42fab6a8755939cd14b4
SSDEEP: 393216:OPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCONTQP76Nuudq+/XSdEVB3:OITkl
Static task: static1
Behavioral task: behavioral1
  Sample: uhard.exe
  Resource: win11-20250313-en
Malware Config
Targets
Target: uhard.dat
Size: 14.0MB
Score: 8/10
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Creates new service(s)
Server Software Component: Terminal Services DLL
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
  System Services (1)
    Service Execution (1)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
  Server Software Component (1)
    Terminal Services DLL (1)