General

  • Target: ee231b3b70461825d69c5d292605b119f18e996ad1e1bb6fcdf203f1be9183cb
  • Size: 492KB
  • Sample: 221106-r4tz8afge5
  • MD5: 0d74fe0a9c554f12689a6e18af5b08a7
  • SHA1: 17cf62f3d7b4ce26ee323059002e872425fb03c5
  • SHA256: ee231b3b70461825d69c5d292605b119f18e996ad1e1bb6fcdf203f1be9183cb
  • SHA512: f439090fda3a76fe501ee9c2757414ced4a1d0b1963e167b02b1029f52806ffaf6b5c0fdb3354688fa5535bc3053d2e11f49a24143301d1774f12011a83e8718
  • SSDEEP: 12288:NbGx+je/ygu566z3w8iiuFDnNMkP8W2aSQkGvdGebCJK83:Nb1je/+X3w8Cn+kP8W8/Jx

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks