
General

  • Target

    66f6904751985f14aea6e5ff73c7ccd6fc68b4795b9a7bc0f4665f094b4f02f6

  • Size

    890KB

  • Sample

    221201-ecwzaabg37

  • MD5

    9c0b63cb17fa4ee66900da0f06cc3e4e

  • SHA1

    ac19722da1fbf52eb9656ba59d818906829220f0

  • SHA256

    66f6904751985f14aea6e5ff73c7ccd6fc68b4795b9a7bc0f4665f094b4f02f6

  • SHA512

    f18d6349f5cb180f2f8179d3c94dd1da6978e7dfc04ff9aa495b32a7d0b793f2df5b4c3fab7d9e262fd2b1f589b19ed0644c00f93a713397796e7c81f00e7a97

  • SSDEEP

    1536:hO20qHkRRNpTNJo9KJt7i3ukMV111I8Yp45wzvShJFIn8lq93oFDeUXtk3ns:hMRjVo9uFiJu11upaEMq8Y3Utm

Malware Config

Targets

    • Target

      66f6904751985f14aea6e5ff73c7ccd6fc68b4795b9a7bc0f4665f094b4f02f6


    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables taskbar notifications via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks