Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a85040e7ecb3f06082b5292804267433e611040c89d835a8ffd3151b148ed687

  • Size

    73KB

  • Sample

    221204-krcrvaha7y

  • MD5

    ab115f0a6d01203b54f3d4b1a327b587

  • SHA1

    bbb4761896d6f206f085ed5f0481b8e68f8e80d6

  • SHA256

    a85040e7ecb3f06082b5292804267433e611040c89d835a8ffd3151b148ed687

  • SHA512

    c047ca3e2c725df30284d8fbc06f88dd99588ae6c2c25f656060c21ecb055396018447aad65349e2261d9c9ff1b5e39caeb013665e8210d975abf4e95fba28da

  • SSDEEP

    1536:bNCJMvSU05Ct8NwAJH7Bs3UHRazKxiH0vrb+cd8nouy8Z:bNiUQCt5Ia3SYPUvriGcoutZ

Malware Config

Targets

    • Target

      a85040e7ecb3f06082b5292804267433e611040c89d835a8ffd3151b148ed687

    • Size

      73KB

    • MD5

      ab115f0a6d01203b54f3d4b1a327b587

    • SHA1

      bbb4761896d6f206f085ed5f0481b8e68f8e80d6

    • SHA256

      a85040e7ecb3f06082b5292804267433e611040c89d835a8ffd3151b148ed687

    • SHA512

      c047ca3e2c725df30284d8fbc06f88dd99588ae6c2c25f656060c21ecb055396018447aad65349e2261d9c9ff1b5e39caeb013665e8210d975abf4e95fba28da

    • SSDEEP

      1536:bNCJMvSU05Ct8NwAJH7Bs3UHRazKxiH0vrb+cd8nouy8Z:bNiUQCt5Ia3SYPUvriGcoutZ

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks