General

  • Target

    #bbc.png

  • Size

    267KB

  • Sample

    230304-vtez4adg8w

  • MD5

    7b2625e0240840c5936f617a6da00402

  • SHA1

    015f7dd7f46b6a917a0a2651d8f4987bbc90e590

  • SHA256

    e87a65aa4485734fe43d91edbe58a62b547fd0a68bbc70569b15f81b3e7c87ea

  • SHA512

    26064b4cd5a603054d4545061ba532d903ba03ec13bd143b6809339ad47cf5d2a0aa310017be0eaff113be9cec7ca1d74ddbd7da4fedcd2f0589c8f37c7350cb

  • SSDEEP

    6144:AmzA9Lw5XOxpzWTsvPqMKaRbM5IfqEWVDBylmWSVvQ9go:AF6hT8K5ICxV1hI

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
