General

  • Target

    20676098f60a302605c14cc773509641a21be2b8836237ff6084aa50bb302749

  • Size

    1.3MB

  • Sample

    230420-dfwl9ahb7t

  • MD5

    7687110c47d45ef0c1054f93dabc37cf

  • SHA1

    4c429aa0a081197836074a5fccc536bec9eef686

  • SHA256

    20676098f60a302605c14cc773509641a21be2b8836237ff6084aa50bb302749

  • SHA512

    b40e7e3d01410c6bd7e4f5b8a0a7543be05093f33916e0c51988f4a939b68959d5f5915feef70f0dde734c4bfaa3d6a9ab0daa00ad3a17795de32e65762f0eb9

  • SSDEEP

    24576:oyS46GWcOuHkjDPAc+3euokOgrK7gBhmIjhB8IGzA/EM3kiUP3gPKOemIy8L:vp6yHkvgnNOgEg1jHGzA/EU1aQPm

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
