General

  • Target: file.exe
  • Size: 1.1MB
  • Sample: 230111-yjne9saa6s
  • MD5: 7a66992f14ec9015181ed2d580c190ff
  • SHA1: 9674bf45d8017f7753ddd6e106a8974bb87860c0
  • SHA256: 34d3c6e0521570cf69ae828b240b19b3314e9b63d534d9a62ce81f6ac5eee8f7
  • SHA512: e499c16f7cd9516e72745618443630bc9ca0218bc31118c49dde9ca63ffb067e65fd8b62c0326c80204156ffc030d1163910440197905be7333f64f056776dc7
  • SSDEEP: 24576:bEpFFe69Mk7fdcsaiWsEzJqIV9oM2PiUbDUrs5n9e78PB5I7QQq:bE0Ns0EQ9oMAiyDUrs5k7cB5EQ

Malware Config

Targets

    • Blocklisted process makes network request
    • Sets DLL path for service in the registry
    • Sets service image path in registry
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses Microsoft Outlook accounts
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks