Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5c9474db5b40323e40a6ff476beffe19fa7935dc3ade29d445fa8ac3079a187a
-
Size
4.0MB
-
Sample
220919-z5pe5addcr
-
MD5
c67263056aff53ca1e39c81b736959f5
-
SHA1
4f6403ffd2bce411b50be725d1f538078889dd4a
-
SHA256
5c9474db5b40323e40a6ff476beffe19fa7935dc3ade29d445fa8ac3079a187a
-
SHA512
1109b3fbe1040b3d3dca35c189106eb68f025fa8e5d2fa32236fb54229d95a0a544093c122aa650e9b699a99a09a9aaff86a547390190149cc71195a450fb7b4
-
SSDEEP
1536:+EfFNvtgmAl7z5dKY6yuJPW8K43w9NXOM1aRl/i6JWT0S9yXnBibnouy8:+YLmGO4W849NXO9RlK6gOxiDout
Malware Config
Targets
-
-
Target
5c9474db5b40323e40a6ff476beffe19fa7935dc3ade29d445fa8ac3079a187a
-
Size
4.0MB
-
MD5
c67263056aff53ca1e39c81b736959f5
-
SHA1
4f6403ffd2bce411b50be725d1f538078889dd4a
-
SHA256
5c9474db5b40323e40a6ff476beffe19fa7935dc3ade29d445fa8ac3079a187a
-
SHA512
1109b3fbe1040b3d3dca35c189106eb68f025fa8e5d2fa32236fb54229d95a0a544093c122aa650e9b699a99a09a9aaff86a547390190149cc71195a450fb7b4
-
SSDEEP
1536:+EfFNvtgmAl7z5dKY6yuJPW8K43w9NXOM1aRl/i6JWT0S9yXnBibnouy8:+YLmGO4W849NXO9RlK6gOxiDout
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-