General

  • Target: 056c0429b9d6e5cb9712122b1d5b595266770f18fbee401190f7b6a121688b70

  • Size: 604KB

  • Sample: 221127-dvv92aaf2t

  • MD5: edd1c81a483697c75f84c16047060bff

  • SHA1: 42511be0a2374fe81e2bd23e222341eadb18ab2d

  • SHA256: 056c0429b9d6e5cb9712122b1d5b595266770f18fbee401190f7b6a121688b70

  • SHA512: b2f8624bbcf7caa016656a6051682420a3e195646d72f74b2420b7b19c9c1697b348d512139831c83f197ff0ddc4245b05d5ae2cc3a546cda8880b57064278bd

  • SSDEEP: 6144:psNyDWv14FcGtk1+Of1GhTNCTmEfbRE0687sqYMEcLmFoMj8S9xlNI43wIRzvsg2:pgwWa6G8pGJA5REuE91xlNI4Jzvsggv

Malware Config

Targets

    • UAC bypass

    • Disables RegEdit via registry modification

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks