Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    60dedf9ce14bc5592237afa354136f1dd4159e27a4c91efc2812797ecc272ae5

  • Size

    719KB

  • Sample

    221106-m95axsghc7

  • MD5

    09d579f0a7c71003dd8b72d59e4d2f24

  • SHA1

    b334aa8d67a9b6342a7ea2a414111973298b9776

  • SHA256

    60dedf9ce14bc5592237afa354136f1dd4159e27a4c91efc2812797ecc272ae5

  • SHA512

    7a1bb88c923fd8059ef7289b86ad19a33689408b4851f08e56651beffc6979380d58d981e9d47cd43f1f35bd395d75c80f687f5e4ac53ed38fdba675eca06d29

  • SSDEEP

    1536:LbnRuEbswtfKxehJN/Ba6gZblpuiv0SvaxyXaCbZZC4+06gjIrCTRknanwujxsfS:LbnRuEYcg+mliy5bdH6MI2TqnOY

Malware Config

Targets

    • Target

      60dedf9ce14bc5592237afa354136f1dd4159e27a4c91efc2812797ecc272ae5

    • Size

      719KB

    • MD5

      09d579f0a7c71003dd8b72d59e4d2f24

    • SHA1

      b334aa8d67a9b6342a7ea2a414111973298b9776

    • SHA256

      60dedf9ce14bc5592237afa354136f1dd4159e27a4c91efc2812797ecc272ae5

    • SHA512

      7a1bb88c923fd8059ef7289b86ad19a33689408b4851f08e56651beffc6979380d58d981e9d47cd43f1f35bd395d75c80f687f5e4ac53ed38fdba675eca06d29

    • SSDEEP

      1536:LbnRuEbswtfKxehJN/Ba6gZblpuiv0SvaxyXaCbZZC4+06gjIrCTRknanwujxsfS:LbnRuEYcg+mliy5bdH6MI2TqnOY

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables taskbar notifications via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks