General

  • Target

    file.exe

  • Size

    197KB

  • Sample

    230209-g26k5afd4t

  • MD5

    a0da8483ba515cf977e01dcbdbe44b09

  • SHA1

    68cf59ccd02090f8c6314b7f03d7d1b8ef355690

  • SHA256

    48e76ea09784f53c5d963a7edd2ca3a6d0999c3885772a5dc69f978e980c2261

  • SHA512

    908b4a3770ec3e1e93625a98319156d42dcdf9978a3fba747d0c40e0aee34015ce96422f9f9391bdcf91ef3b931eaa9dbcdf5e9451ef4f698117bce5225405a9

  • SSDEEP

    3072:MaqVOfXhUGvel+tNLkgrWyd51r4TI7p06ogFOdPEdc/NtpMN6arn:xqV6dTLbrTsnTw49MMc

Score
8/10

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
