General

  • Target

    7f78231c86222a0279f91873776349555087fc51845fb668c885ce21899ba79e

  • Size

    263KB

  • Sample

    221127-rysj7shh2z

  • MD5

    9df31e17af46a4c7d2965f3f933776de

  • SHA1

    6cc651676e746a405f149601bee7026fb0cef38b

  • SHA256

    7f78231c86222a0279f91873776349555087fc51845fb668c885ce21899ba79e

  • SHA512

    1c1bdbc76a4c40e7a9da41852f37f66151d0c3bb59fcf5cdbad3686446a640df07d2997fccae1174ae3cdcd38e4f889260314fdced10be171c834a52a633677d

  • SSDEEP

    3072:XauaSO3kjPlvmwCU7yMhb2HfY7EUDJJG6MQTsYxdbJYwurSquWSWAS9x00Ee3PtE:KCckjFJCUJbFdDJg6M2OluW19tPtIP

Targets

    • Target

      7f78231c86222a0279f91873776349555087fc51845fb668c885ce21899ba79e

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension
