General

  • Target

    aa5f994ffd01a7de2555f7a2d6be6f781d6da8e840924451a241312f579c1768

  • Size

    262KB

  • Sample

    221206-nfyrqafg9z

  • MD5

    bf7c2e037a23e9966167c810334d77d7

  • SHA1

    26e2a09beabf753ddabb93b4706805be46718e70

  • SHA256

    aa5f994ffd01a7de2555f7a2d6be6f781d6da8e840924451a241312f579c1768

  • SHA512

    309ad1cff9c52d748bfb627cac89d2f7c104db16a3d2947bc3344b29e3bf9ab539c32fef01cf882e411604601d1cd8201e24d06d10f01e171d81c3c66ff95569

  • SSDEEP

    3072:gDrF9h20NUmzQze45ggO8/tmiG+lDe7eWQbFo90mcrWt7HrOgwcoutZ:g19RNUmzQzjgH8/tmiGqcoS

Malware Config

Targets

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks