Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    7.2MB

  • Sample

    221102-3fzrcacff9

  • MD5

    819421783b9a637ad85eb4645e5bf3f0

  • SHA1

    66feb1eec5d150d58640629256bfebc543355af9

  • SHA256

    06f235cc1f8031948ab22f7cc7ba2c1e727a4c93bf65ae3ee63b90affe2306ea

  • SHA512

    460bb83227e4b5e82ba04f525e08365519fabf70ee40f422913383f8637a0746b4254a479d127e5860cdb94c14dd3f7795d8cec683dbd94cca39f9dfb1cd3e44

  • SSDEEP

    196608:91O3T48n2Ty/wM7rS/Jh0p+8OiaZ/9QWEbEAvuYA0eh6gEC:3OE02Tyx6/Jh0M/7ZFQWcEY/eYgEC

Malware Config

Targets

    • Target

      file.exe

    • Size

      7.2MB

    • MD5

      819421783b9a637ad85eb4645e5bf3f0

    • SHA1

      66feb1eec5d150d58640629256bfebc543355af9

    • SHA256

      06f235cc1f8031948ab22f7cc7ba2c1e727a4c93bf65ae3ee63b90affe2306ea

    • SHA512

      460bb83227e4b5e82ba04f525e08365519fabf70ee40f422913383f8637a0746b4254a479d127e5860cdb94c14dd3f7795d8cec683dbd94cca39f9dfb1cd3e44

    • SSDEEP

      196608:91O3T48n2Ty/wM7rS/Jh0p+8OiaZ/9QWEbEAvuYA0eh6gEC:3OE02Tyx6/Jh0M/7ZFQWcEY/eYgEC

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.