General

  • Target

    8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90

  • Size

    172KB

  • Sample

    221202-2vmvnafe2w

  • MD5

    e192ba029e3e51fbb4968be451dd02c3

  • SHA1

    501dd63e9584629c0fa3fe965ee8006fe4bc12c9

  • SHA256

    8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90

  • SHA512

    e21f5d9ef0e87a9d1269ec833c4e72a0d6f78ea96479eda67532c77e62f5f1cdba1a2bb83ac74576ecb916afb7c7deb57624574dfa77f9051b3a6422df62e2fb

  • SSDEEP

    3072:QH69DiMTdgP6RvRP5VwYznpDB/vWwvbSlJHy/r/zMJmd7DX4Xj:th3CSR1Q6L/vNvySj/zCgDXw

Malware Config

Targets

    • Target

      8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90

    • Executes dropped EXE

    • Modifies AppInit DLL entries

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks