General

  • Target

    c11c35d6c90b76731ea284cd65b14984ee8be402f54e2f0feaa6b9e93647c2d0

  • Size

    232KB

  • Sample

    221205-29mhfaaf4x

  • MD5

    ee1775fda016d56e3193b7b673b4cf71

  • SHA1

    2a0bafcb24111dc22f09a631d839d8bb82323e5f

  • SHA256

    c11c35d6c90b76731ea284cd65b14984ee8be402f54e2f0feaa6b9e93647c2d0

  • SHA512

    be11191761e7e20d363fa46cdfe8ae2a0cd3d4ed3ff4410a91b0704b9e6d7aadb2c7dfd9c43b1066e49ba4c9d8b29b5d8e55efa50e15c3e43e4b42bbeb66293b

  • SSDEEP

    6144:N2JR6jBaplmtyCrAotVvp+/cWD0QBZeP2ljm:kJwd9y4JtVvp+EdOeP

Malware Config

Targets

    • Target

      c11c35d6c90b76731ea284cd65b14984ee8be402f54e2f0feaa6b9e93647c2d0

    • Size

      232KB

    • MD5

      ee1775fda016d56e3193b7b673b4cf71

    • SHA1

      2a0bafcb24111dc22f09a631d839d8bb82323e5f

    • SHA256

      c11c35d6c90b76731ea284cd65b14984ee8be402f54e2f0feaa6b9e93647c2d0

    • SHA512

      be11191761e7e20d363fa46cdfe8ae2a0cd3d4ed3ff4410a91b0704b9e6d7aadb2c7dfd9c43b1066e49ba4c9d8b29b5d8e55efa50e15c3e43e4b42bbeb66293b

    • SSDEEP

      6144:N2JR6jBaplmtyCrAotVvp+/cWD0QBZeP2ljm:kJwd9y4JtVvp+EdOeP

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks