Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7e80ae67760877654eb878b2362fff1641dc94f68bfc40c31e4cf9b6ba63242b

  • Size

    1.4MB

  • Sample

    221201-2c4epagd54

  • MD5

    b8c5b7f562d837062717c906a2a67df1

  • SHA1

    2c8f6f58cd1d65f6c0e230929bfe64a32c5db40c

  • SHA256

    7e80ae67760877654eb878b2362fff1641dc94f68bfc40c31e4cf9b6ba63242b

  • SHA512

    038a5ea19f196c048d268d628458c9e9172fa3b91d90a97639916549a3f8515312dc119cfbac45ffe107c26bb85683ec9eaa10b711b567c917dc4327c944a814

  • SSDEEP

    1536:GCxE8JHTdoQkO6xvJXzT0YpMgbQoToPQTiwHz7pj5omc4JyBMA6:GuxBoJOMXzAMrTuw8aMBe

Malware Config

Targets

    • Target

      7e80ae67760877654eb878b2362fff1641dc94f68bfc40c31e4cf9b6ba63242b

    • Size

      1.4MB

    • MD5

      b8c5b7f562d837062717c906a2a67df1

    • SHA1

      2c8f6f58cd1d65f6c0e230929bfe64a32c5db40c

    • SHA256

      7e80ae67760877654eb878b2362fff1641dc94f68bfc40c31e4cf9b6ba63242b

    • SHA512

      038a5ea19f196c048d268d628458c9e9172fa3b91d90a97639916549a3f8515312dc119cfbac45ffe107c26bb85683ec9eaa10b711b567c917dc4327c944a814

    • SSDEEP

      1536:GCxE8JHTdoQkO6xvJXzT0YpMgbQoToPQTiwHz7pj5omc4JyBMA6:GuxBoJOMXzAMrTuw8aMBe

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks