Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d966d227b78731ad609ebaab0a7b74c5270c0093c610d0bb739c553728f793d6

  • Size

    262KB

  • Sample

    221204-kramgsha7s

  • MD5

    a6971be2cb24e5b1754cb490bb022e59

  • SHA1

    52eab59c3bf776481cb797568ef007af80235fa6

  • SHA256

    d966d227b78731ad609ebaab0a7b74c5270c0093c610d0bb739c553728f793d6

  • SHA512

    12b2fbdf018bcbff1bd8892b6486051f4f8d9fe1d3afc40d8dda2fd82ccc06e642a03a30a263a50f189e88b7429c36469913902f049bd2472736848db81d2843

  • SSDEEP

    3072:aDrF9h20NUmzQze45ggO8/tmiG+lDe7eWQbFo90mcrWt7HrOgwcoutZ:a19RNUmzQzjgH8/tmiGqcoS

Malware Config

Targets

    • Target

      d966d227b78731ad609ebaab0a7b74c5270c0093c610d0bb739c553728f793d6

    • Size

      262KB

    • MD5

      a6971be2cb24e5b1754cb490bb022e59

    • SHA1

      52eab59c3bf776481cb797568ef007af80235fa6

    • SHA256

      d966d227b78731ad609ebaab0a7b74c5270c0093c610d0bb739c553728f793d6

    • SHA512

      12b2fbdf018bcbff1bd8892b6486051f4f8d9fe1d3afc40d8dda2fd82ccc06e642a03a30a263a50f189e88b7429c36469913902f049bd2472736848db81d2843

    • SSDEEP

      3072:aDrF9h20NUmzQze45ggO8/tmiG+lDe7eWQbFo90mcrWt7HrOgwcoutZ:a19RNUmzQzjgH8/tmiGqcoS

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks