General

  • Target

    efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4

  • Size

    342KB

  • Sample

    230104-ank9psdd25

  • MD5

    3bea8a2261b2cae191a0b7501aaed07b

  • SHA1

    68bf79c87ac58e238e48ec177d3b8984a82bc060

  • SHA256

    efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4

  • SHA512

    fe33e758d26d9937fde33860ea1c88b008bcb7c52e3dface4a2aad1012f26dd8001e74347f6d7f44f2be13e5e847b036955e8fdb8f5cb9f79ce265932453a482

  • SSDEEP

    6144:Uk5L/xG5BH1he4O9OMWKlDycAyjFvJEMbx5rb:35r45h1h5iWGDPAyxfV5
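
The digests above are how you confirm that a file you hold is the sample this report describes, before acting on the verdict that follows. The Python below is an added example, not tria.ge code: it computes every digest the report lists (MD5, SHA1, SHA256, SHA512) over a local file in one pass and returns the ones that disagree with the report. `CONSTRUCTED_SAMPLE` is a placeholder byte string made up for illustration (it is not the real binary, so every digest is expected to mismatch), and the script name in the usage comment is assumed.

```python
import hashlib
import sys
from typing import Dict, Optional, Tuple

# Digests copied from the report's "General" section above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "3bea8a2261b2cae191a0b7501aaed07b",
    "sha1": "68bf79c87ac58e238e48ec177d3b8984a82bc060",
    "sha256": "efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4",
    "sha512": (
        "fe33e758d26d9937fde33860ea1c88b008bcb7c52e3dface4a2aad1012f26dd8"
        "001e74347f6d7f44f2be13e5e847b036955e8fdb8f5cb9f79ce265932453a482"
    ),
}

# Constructed stand-in for a local file. It is NOT the sample from the report,
# so every digest computed over it is expected to differ from REPORT_HASHES.
CONSTRUCTED_SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the real binary"


def digest_bytes(data: bytes, algorithms=tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Compute all requested digests over in-memory data in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, algorithms=tuple(REPORT_HASHES), chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_bytes, but streams the file so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(
    actual: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES
) -> Dict[str, Tuple[str, Optional[str]]]:
    """Return {algorithm: (reported, observed)} for every reported digest the local data fails.

    An algorithm missing from `actual` is returned as a mismatch with observed=None
    instead of silently passing. Hex case is normalised because tools disagree on it.
    """
    mismatches: Dict[str, Tuple[str, Optional[str]]] = {}
    for name, reported in expected.items():
        observed = actual.get(name)
        if observed is None or observed.lower() != reported.lower():
            mismatches[name] = (reported, observed)
    return mismatches


def matches_report(actual: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every digest listed in the report is present and identical."""
    return not compare_to_report(actual, expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path>   (verify_sample.py is an assumed file name)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    observed = digest_file(path) if path else digest_bytes(CONSTRUCTED_SAMPLE)
    diff = compare_to_report(observed)
    if not diff:
        print("all digests match the report")
    else:
        for name, (reported, got) in diff.items():
            print(f"{name}: reported {reported}, observed {got}")
        sys.exit(1)
```

When correlating with other sources, pivot on SHA256 rather than MD5 or SHA1: both older algorithms have practical collision attacks, so a file that agrees only on MD5 should be treated as a different file. SSDEEP is left out because it needs the separate ssdeep library, and the reported size (342KB) is rounded on the page and therefore not checked here.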

Score
8/10

Malware Config

Targets

    • Target

      efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4

    • Size

      342KB


    Score
    8/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      SetThreadContext is a common step in process injection (for example process hollowing), where a thread's context is rewritten so that execution resumes at attacker-supplied code. Together with "Downloads MZ/PE file" and "Executes dropped EXE" above, this indicates a multi-stage payload rather than a single self-contained binary.

MITRE ATT&CK Enterprise v6

Tasks