General

  • Target

    f79c90eda6c8ea21e60f6a8a707e758513e13e0081258606b0a4750a0af0e438

  • Size

    3.8MB

  • Sample

    220914-2b5lcsfcbj

  • MD5

    ca940ba23a365839caa3091ce3d47219

  • SHA1

    6becb2dc6f5230a66e2840d801d34034e0216c92

  • SHA256

    f79c90eda6c8ea21e60f6a8a707e758513e13e0081258606b0a4750a0af0e438

  • SHA512

    021abcfd4a524ec6c912f82a50d69582315f96773cdbbb2d2b723ffae6911eda31916d40fb1055cc3e3be57a109f6294fed76f735bf0bb3fdece38ed1acd50e9

  • SSDEEP

    98304:sa/l7xGEPRfn8N/U7XXA5R/rNMH7N6DwHVSNlqk4WuJ:X/ldFPxn8K7nAXrN6VHklqk4/

Targets

    • Target

      f79c90eda6c8ea21e60f6a8a707e758513e13e0081258606b0a4750a0af0e438

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
