General

  • Target

    b59b724091cead1305095f15b85073b6208cbb46ccf5a67a253862fb9e905277

  • Size

    546KB

  • Sample

    221203-wgen8sfe5v

  • MD5

    9c6e9bae04e514b47eefbddbb5e67d2b

  • SHA1

    6e9b1f7ee1b723035409ecd1d16c932b4141e1cb

  • SHA256

    b59b724091cead1305095f15b85073b6208cbb46ccf5a67a253862fb9e905277

  • SHA512

    0bb63b5cd7f019fccfe4a8e77cb15ae9a69de84ad7d9e89e7235a15e19bd540eefa68002bfa7a15c70fe94b77f0c3bc1340781ca5da1dde7fd5305ecbc4bdee0

  • SSDEEP

    3072:CNnqDxIGX/9nDiG7t6yCAti1zxGJidD5iYAHg4Cs7lJgxwL0out:CNnxKL0oS

Malware Config

Targets

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks