Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    830573b04db1bac3f5c890a7dad7e2d1e5dce8ea3210a814391318a1521fcdbf

  • Size

    312KB

  • Sample

    221201-cxfrpaah6v

  • MD5

    8a07e324c39401883d4f3e928ed38b3d

  • SHA1

    4cb51deef671271cc5a69d4530800705d7dcda43

  • SHA256

    830573b04db1bac3f5c890a7dad7e2d1e5dce8ea3210a814391318a1521fcdbf

  • SHA512

    3d147d1899608645a81fcc012076dc31bc7b782d76b13ea790e895984119cf816937953d5337bc6096a3a61b092904229446d600f3983b9f5dee65126211f3e6

  • SSDEEP

    3072:1RYfhn6IxI4BXzk6K6Tr5DOZeCzZPj8o3:rE5dXzkmMesL3

Malware Config

Targets

    • Target

      830573b04db1bac3f5c890a7dad7e2d1e5dce8ea3210a814391318a1521fcdbf

    • Size

      312KB

    • MD5

      8a07e324c39401883d4f3e928ed38b3d

    • SHA1

      4cb51deef671271cc5a69d4530800705d7dcda43

    • SHA256

      830573b04db1bac3f5c890a7dad7e2d1e5dce8ea3210a814391318a1521fcdbf

    • SHA512

      3d147d1899608645a81fcc012076dc31bc7b782d76b13ea790e895984119cf816937953d5337bc6096a3a61b092904229446d600f3983b9f5dee65126211f3e6

    • SSDEEP

      3072:1RYfhn6IxI4BXzk6K6Tr5DOZeCzZPj8o3:rE5dXzkmMesL3

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables taskbar notifications via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks