
General

  • Target

    f2d300d8fb1ef1812db6c63ce75f419e4092742a123bb0ffb7e6c257d53a6b49

  • Size

    390KB

  • Sample

    221031-af98vsggbr

  • MD5

    2ef5b41a3b40b87a252ad568fe74bb53

  • SHA1

    57a38efa35497026fa81dec9d0a6e56dd3118fdc

  • SHA256

    f2d300d8fb1ef1812db6c63ce75f419e4092742a123bb0ffb7e6c257d53a6b49

  • SHA512

    9dfc0614f3ad919cf279da8f45218b4dee8c17c96089ef36a312f498906b64272f3769127c3540af79ac2349dd5431ff66d370eeb33f006d644694bb8fe4e728

  • SSDEEP

    6144:ZhvVlLB7RJ2IBsISG7WwEDQrYSZ5QRhv48aqHLrwtc7ITsq:ZhvfN7RgIeIr7W4YEQHQ8aq/l7

Targets

    • Target

      f2d300d8fb1ef1812db6c63ce75f419e4092742a123bb0ffb7e6c257d53a6b49

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which detaches the calling thread from any attached debugger; a common anti-analysis technique.
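The "Checks installed software" signature above refers to enumeration of the Uninstall registry keys. The following PowerShell is an added example, not part of the tria.ge report or the sample, showing the same lookup a sample performs (both registry views plus the per-user hive), so an analyst can see exactly what information that check exposes on a given host:

```powershell
# Added example (not from the report): enumerate the Uninstall keys that the
# "Checks installed software on the system" signature refers to. Runs from an
# unprivileged PowerShell session; the key paths below are the standard ones.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$installed = foreach ($key in $uninstallKeys) {
    # The WOW6432Node view does not exist on 32-bit Windows; skip missing keys.
    if (-not (Test-Path -Path $key)) { continue }
    Get-ChildItem -Path $key | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        # Entries without a DisplayName are usually patches or hidden components.
        if ($props.DisplayName) {
            [pscustomobject]@{
                Name      = $props.DisplayName
                Version   = $props.DisplayVersion
                Publisher = $props.Publisher
                Hive      = $key
            }
        }
    }
}

$installed | Sort-Object -Property Name -Unique | Format-Table -AutoSize
```

Note that a read of these keys produces no Windows event by default (Sysmon registry events cover key creation, deletion and value writes, not reads), so this signature comes from the sandbox's API tracing and cannot be replayed from host event logs alone.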
