General

  • Target

    a95f207ca6b9ff09a248614ae30b3ddfbe1aaad61ccca7438451fdaa879b0c8b

  • Size

    6.9MB

  • Sample

    221129-j2brvsbb74

  • MD5

    76827e19ac4b6c300c8bc37754b321a9

  • SHA1

    60f1144731e4e8e98d22a59df821256307c26364

  • SHA256

    a95f207ca6b9ff09a248614ae30b3ddfbe1aaad61ccca7438451fdaa879b0c8b

  • SHA512

    beb2072de102d2d4d5925bd63925faa00828ad5e14f152d01544902e58293fb012991b6c614c3ff87c0928f4782b02f0302faff0f9fc0c672f4a9a1793bbc81b

  • SSDEEP

    196608:CZXBJmubSsk25nnATnJpk789JENi1OudYjinaOB:ePD2sbngnXk77rudzn5B
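Before doing anything with a copy of this sample, confirm it is the file the report describes. The following is an added example, not part of the tria.ge report: it recomputes the four digests listed above with the built-in Get-FileHash cmdlet and refuses to continue on any mismatch. The local path in $SamplePath is an assumption; change it to wherever you stored the file. SSDEEP is a fuzzy (similarity) hash and is not covered by Get-FileHash, so it is not checked here, and because MD5 and SHA1 are no longer collision resistant the SHA256 comparison is the one that should be treated as authoritative.

```powershell
# Added example (not from the tria.ge report): verify a retrieved file against
# the report's hash set before handling it as this sample.
$SamplePath = 'C:\lab\samples\a95f207ca6b9ff09a248614ae30b3ddfbe1aaad61ccca7438451fdaa879b0c8b.bin'  # assumed path

# Digests copied from the report's General section.
$Expected = @{
    MD5    = '76827e19ac4b6c300c8bc37754b321a9'
    SHA1   = '60f1144731e4e8e98d22a59df821256307c26364'
    SHA256 = 'a95f207ca6b9ff09a248614ae30b3ddfbe1aaad61ccca7438451fdaa879b0c8b'
    SHA512 = 'beb2072de102d2d4d5925bd63925faa00828ad5e14f152d01544902e58293fb012991b6c614c3ff87c0928f4782b02f0302faff0f9fc0c672f4a9a1793bbc81b'
}

function Test-SampleHashes {
    param([string]$Path, [hashtable]$Expected)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "No file at $Path"
        return $false
    }
    $ok = $true
    foreach ($algo in $Expected.Keys) {
        # Get-FileHash prints uppercase hex; the report lists lowercase.
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algo).Hash.ToLowerInvariant()
        if ($actual -ne $Expected[$algo]) {
            Write-Warning "$algo mismatch: got $actual, expected $($Expected[$algo])"
            $ok = $false
        }
    }
    return $ok
}

if (-not (Test-SampleHashes -Path $SamplePath -Expected $Expected)) {
    throw 'File does not match the report hashes; do not treat it as this sample.'
}

# Sanity check against the reported 6.9MB size (exact byte count is not in the report).
'{0:N1} MB' -f ((Get-Item -LiteralPath $SamplePath).Length / 1MB)
```

Run this on the raw file only; never execute the sample on the host doing the verification. A SHA256 match with a mismatching MD5 or SHA1 is effectively impossible for a genuine copy and would indicate a transcription error in whichever side you typed by hand.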

Malware Config

Targets

    • Executes dropped EXE

      The sample writes an executable to disk during the run and then starts it.

    • Modifies Windows Firewall

      Adds or changes Windows Firewall rules, which requires administrative rights.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (the sample can decide whether to run based on the region).

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the run.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

      Persistence: an entry under a CurrentVersion\Run key starts the program at each logon.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled

      Reads the UAC policy settings in the registry, typically to decide whether elevation will prompt the user.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer; they are loaded into the browser process, which makes them a long-standing persistence and traffic-interception point.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, which is only possible with administrative rights.
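The signatures above are almost all registry and firewall artifacts, so the first thing an incident responder wants is a host-side pass over exactly those locations. The following is an added example, not part of the tria.ge report and not code from the sample or the sandbox: run it in an elevated PowerShell on a host you suspect ran this sample. It lists Run-key entries and Browser Helper Objects, flagging those whose binary sits in a user-writable location or lacks a valid Authenticode signature, reports the UAC policy values and the configured GEOID, and lists enabled firewall allow rules bound to programs in user-writable paths. The set of paths treated as "user-writable" is an assumption, and the report does not say which location value the sample read, so the Geo\Nation key is shown as the usual candidate rather than as a confirmed artifact.

```powershell
# Added example (not from the tria.ge report): host triage of the artifact
# locations the report's signatures refer to. Requires an elevated shell for
# the firewall and HKLM checks; Get-NetFirewallRule needs Windows 8 / 2012+.

# Assumption: path fragments that an unprivileged user can write to.
$UserWritable = @('\AppData\', '\Temp\', '\ProgramData\', '\Users\Public\', '\Downloads\')

function Test-SuspiciousPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    foreach ($frag in $UserWritable) { if ($Path -like "*$frag*") { return $true } }
    return $false
}

function Get-RunKeyEntries {
    # "Adds Run key to start application": per-user and machine Run keys.
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
            [pscustomobject]@{
                Source     = "$hive Run"
                Name       = $p.Name
                Command    = [string]$p.Value
                Suspicious = Test-SuspiciousPath ([string]$p.Value)
            }
        }
    }
}

function Get-BrowserHelperObjects {
    # "Installs/modifies Browser Helper Object": each subkey is a CLSID; the DLL
    # is the default value of that CLSID's InprocServer32 key.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($bk in $bhoKeys) {
        if (-not (Test-Path $bk)) { continue }
        foreach ($clsid in (Get-ChildItem -Path $bk).PSChildName) {
            $dll = $null
            foreach ($srv in "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
                             "Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\$clsid\InprocServer32") {
                if (Test-Path $srv) { $dll = (Get-ItemProperty -Path $srv).'(default)'; break }
            }
            $status = if ($dll -and (Test-Path -LiteralPath $dll)) {
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } else { 'Missing' }
            [pscustomobject]@{
                CLSID      = $clsid
                Dll        = $dll
                Signature  = $status
                Suspicious = ($status -ne 'Valid') -or (Test-SuspiciousPath $dll)
            }
        }
    }
}

function Get-UacState {
    # "Checks whether UAC is enabled": EnableLUA=0 means UAC is switched off.
    $sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $sys.EnableLUA
        ConsentPromptBehaviorAdmin = $sys.ConsentPromptBehaviorAdmin
    }
}

function Get-GeoNation {
    # "Checks computer location settings": the GEOID commonly read as a geofence.
    # Assumption: the report does not state which value the sample consulted.
    (Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo').Nation
}

function Get-ProgramFirewallRules {
    # "Modifies Windows Firewall": enabled allow rules tied to a program in a
    # user-writable path are worth a look.
    foreach ($r in Get-NetFirewallRule -Enabled True -Action Allow -ErrorAction SilentlyContinue) {
        $prog = ($r | Get-NetFirewallApplicationFilter).Program
        if ($prog -and $prog -ne 'Any' -and (Test-SuspiciousPath $prog)) {
            [pscustomobject]@{ Rule = $r.DisplayName; Direction = $r.Direction; Program = $prog }
        }
    }
}

Get-RunKeyEntries         | Where-Object Suspicious | Format-Table -AutoSize
Get-BrowserHelperObjects  | Where-Object Suspicious | Format-Table -AutoSize
Get-UacState
Get-GeoNation
Get-ProgramFirewallRules  | Format-Table -AutoSize
```

The output is a list of what is present, not a verdict: a legitimately installed program can appear in any of these places, and a BHO DLL that has already been deleted shows as Missing, which by itself is a useful sign of clean-up. Compare anything flagged against the dropped files and hashes in the report rather than acting on the flag alone.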

MITRE ATT&CK Enterprise v6

Tasks