General

  • Target

    9744476e066b90044db4fa5f501c4670c0ba3dc03dc07ee43fcb6ba140a741c6

  • Size

    445KB

  • Sample

    221011-nsevdacffr

  • MD5

    7d29491defd63eb9a66673a4e8929610

  • SHA1

    7c0b58795bc86dbfeb9c3763d33e1072ccd917b4

  • SHA256

    9744476e066b90044db4fa5f501c4670c0ba3dc03dc07ee43fcb6ba140a741c6

  • SHA512

    fe0e531a38bad87452eb663289691239dbf3e44b6e5ea903cf383b19a664ad49520e8b6d5efe05e7f283c8badfa3c0a16c9c98f1f3cd887a7e74bc57b4db280d

  • SSDEEP

    12288:4+d4na+Or3g4ADajEXYvu2XqbDjfTBc3VzF1bLbm8s3mjYyyTeH+:4++iU4ADaj6YmJbXfT23VRx7N8le+

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks