General

  • Target

    da064fda26872da41f1a250c07fa3038bff9b9f87136c48fcfb110fabcb24d00

  • Size

    1.4MB

  • Sample

    221202-w571pafg91

  • MD5

    ac973d02dbb26b8ee2e52bea0ad6b6e6

  • SHA1

    0fd4cfa507c8ececc891648a850ec8f3dd6eda19

  • SHA256

    da064fda26872da41f1a250c07fa3038bff9b9f87136c48fcfb110fabcb24d00

  • SHA512

    7a4ec6f95533b5c0a03ee5e8bbd0165d55880ea039cc55ae2994d930f4953b10d3630c738fbe228e4ca8bb2049e09897c8023b23c99059b3fdb747b087f33201

  • SSDEEP

    1536:7Eo6GzI9cono/es2KyvLh423iZB7LbGnkBwUDXLY+cnCd4SztNXjU8UdatVgc1h:g8ciono/e95vLh4j2Umns4khjU0jZ

Malware Config

Targets

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks