Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5512ad06b424fd085fceb25b51ac3597f01c2dde7c6c77048e225597ea3d2317

  • Size

    1.3MB

  • Sample

    221011-c74lhabfcj

  • MD5

    7c68c5320e98e8d617fca8e6cf142a40

  • SHA1

    84815db970023be773fd096c17828a7daef2f4eb

  • SHA256

    5512ad06b424fd085fceb25b51ac3597f01c2dde7c6c77048e225597ea3d2317

  • SHA512

    8943f0f13838ffdf834e87be87a12d44fc65c84816e34bde6bf47a391fefa38a74d0d85b32fc1a0f9c9d08d041545988381e5b25b498008f3ac05563ccf7936d

  • SSDEEP

    3072:fN5q0LwrHmp4hJo4SaW4A1nx3gCBTAIYVXcJfT8Keout:fNKoS

Malware Config

Targets

    • Target

      5512ad06b424fd085fceb25b51ac3597f01c2dde7c6c77048e225597ea3d2317

    • Size

      1.3MB

    • MD5

      7c68c5320e98e8d617fca8e6cf142a40

    • SHA1

      84815db970023be773fd096c17828a7daef2f4eb

    • SHA256

      5512ad06b424fd085fceb25b51ac3597f01c2dde7c6c77048e225597ea3d2317

    • SHA512

      8943f0f13838ffdf834e87be87a12d44fc65c84816e34bde6bf47a391fefa38a74d0d85b32fc1a0f9c9d08d041545988381e5b25b498008f3ac05563ccf7936d

    • SSDEEP

      3072:fN5q0LwrHmp4hJo4SaW4A1nx3gCBTAIYVXcJfT8Keout:fNKoS

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks