
General

  • Target

    0a3d61ed84c5209a6c9996b3a46257ab2cd1400fb39982dc87727732df9280a3

  • Size

    255KB

  • Sample

    221106-tm9epaafh2

  • MD5

    1aa4d12e684f098a188520250ac71f4e

  • SHA1

    8d427ee12d9bd0db77f0acce2637cc715d440e8c

  • SHA256

    0a3d61ed84c5209a6c9996b3a46257ab2cd1400fb39982dc87727732df9280a3

  • SHA512

    54a0b72df926dc38e59fe15c2d596bb25b343fc30a7718d6e863d4b5070773f9e42807e30ca50e9adb0bda4cebfe892e9aea15a6b6354302c9d20770be34a945

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJC:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI1

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks