Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d6c964b9b126170d97d39c6fa7238f7324ce9d7ce7f3efc77da52939d0a225dd

  • Size

    63KB

  • Sample

    221206-ngfmjafh5y

  • MD5

    c3c53916127596d5abee5060223f5f44

  • SHA1

    fed6c564dc6622c6eac2e892b63065449fe765be

  • SHA256

    d6c964b9b126170d97d39c6fa7238f7324ce9d7ce7f3efc77da52939d0a225dd

  • SHA512

    05d8e1c70d6f9bafe6bdbc5c0bc34ead8614a10f6174a5dec65b7ace335022a0cff0c8c2093d699ba579783ab79736ae072e47d99d4699c05a49e002db3c24b3

  • SSDEEP

    1536:/rBK8fy+YY3rNSxCdax1FcCgEO4WErcGhxFKDMOOa7nouy8j:/rBK8fxYY3QxCdax/77OIrthxFK5jouV

Malware Config

Targets

    • Target

      d6c964b9b126170d97d39c6fa7238f7324ce9d7ce7f3efc77da52939d0a225dd

    • Size

      63KB

    • MD5

      c3c53916127596d5abee5060223f5f44

    • SHA1

      fed6c564dc6622c6eac2e892b63065449fe765be

    • SHA256

      d6c964b9b126170d97d39c6fa7238f7324ce9d7ce7f3efc77da52939d0a225dd

    • SHA512

      05d8e1c70d6f9bafe6bdbc5c0bc34ead8614a10f6174a5dec65b7ace335022a0cff0c8c2093d699ba579783ab79736ae072e47d99d4699c05a49e002db3c24b3

    • SSDEEP

      1536:/rBK8fy+YY3rNSxCdax1FcCgEO4WErcGhxFKDMOOa7nouy8j:/rBK8fxYY3QxCdax/77OIrthxFK5jouV

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks