General

  • Target: 94d6c463c205971378ea839bb8a9a3e8d386e89c5077766c70cc7b0f2aa980d5
  • Size: 827KB
  • Sample: 230420-dflgaahb6z
  • MD5: 76660ee327ef0fef2755b555491d785d
  • SHA1: c9b4cb2a1a8c23fa02af25b6c49ea7f88b66ac16
  • SHA256: 94d6c463c205971378ea839bb8a9a3e8d386e89c5077766c70cc7b0f2aa980d5
  • SHA512: fe5eea58c4d8cad589f51bb32f0e32875fe86f7b174f3502ee72edb2fd501f3f6f85cfad413af5dbebe37a2d1d36d8901a0577a16446aaaaa65a13d145837d83
  • SSDEEP: 12288:Py90qsitI+0deDCMsJ/zb8POJnmCQgDtJpFUIjcp7Hw2P2DZWer:Py8fFdJJ38WnXxDtH6IQ7D2D5

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks