General

  • Target

    c83f5b392b8277e076276584984da267ed7e874eef473a2b08b3077f84b277af

  • Size

    1.1MB

  • Sample

    230418-st8ajacc75

  • MD5

    754daa9af0469b01d6a1b1cd76b63c01

  • SHA1

    0d0346e280d12c307d44d53066363e8cca43ab6e

  • SHA256

    c83f5b392b8277e076276584984da267ed7e874eef473a2b08b3077f84b277af

  • SHA512

    144a754f726c83107760c913761fa871d639fd28bdcde33253ba0b1f03a0523f4a7d5f1175cb5cf3b8fd286cd140ecebd4a3912be7948030f7781f0e5bed7c5a

  • SSDEEP

    24576:2y+sDhxTsLoygM/aRaA3tjZ9ZCMiR/bgp2exr3EcvOT:F+sHTqoyr/a065ZTCMSNePv

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks