Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    859e551058a3035f32e79adf5d217aca6df23cdec4b7498bff491a1d351626a4

  • Size

    691KB

  • Sample

    221129-rvgcrsbf6y

  • MD5

    cc46071bd7293fd5872d09c3891d92b8

  • SHA1

    6250ed4be651746a52a7ccdda6d47ab20db4128e

  • SHA256

    859e551058a3035f32e79adf5d217aca6df23cdec4b7498bff491a1d351626a4

  • SHA512

    ae5736f5435a140827d1e1448e9241c2f50527ab1522b49036a2012f2e669a6708c723d9d789b5bf1d73ff2c9a7d3e7c88ba888dde04b495f53e8d96cab66376

  • SSDEEP

    1536:LbnRuEbswtfKxehJN/Ba6gZblpuiv0SvaxyXaCbZZC4+06gjIrCTRknanwujxsfS:LbnRuEYcg+mliy5bdH6MI2TqnOY

Malware Config

Targets

    • Target

      859e551058a3035f32e79adf5d217aca6df23cdec4b7498bff491a1d351626a4

    • Size

      691KB

    • MD5

      cc46071bd7293fd5872d09c3891d92b8

    • SHA1

      6250ed4be651746a52a7ccdda6d47ab20db4128e

    • SHA256

      859e551058a3035f32e79adf5d217aca6df23cdec4b7498bff491a1d351626a4

    • SHA512

      ae5736f5435a140827d1e1448e9241c2f50527ab1522b49036a2012f2e669a6708c723d9d789b5bf1d73ff2c9a7d3e7c88ba888dde04b495f53e8d96cab66376

    • SSDEEP

      1536:LbnRuEbswtfKxehJN/Ba6gZblpuiv0SvaxyXaCbZZC4+06gjIrCTRknanwujxsfS:LbnRuEYcg+mliy5bdH6MI2TqnOY

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables taskbar notifications via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks