General

  • Target: 4119d812dd41b04295a5f189a62ebe9b342e6773c35150bf161dc58453f08b48

  • Size: 828KB

  • Sample: 230420-e6ebbsfe74

  • MD5: edf036fc0d261ad2d63612b5b772e60c

  • SHA1: e34178b06a62f3dcb6eac1f33a9261bea90f04a3

  • SHA256: 4119d812dd41b04295a5f189a62ebe9b342e6773c35150bf161dc58453f08b48

  • SHA512: f5ed08864dd2267085023753f4683b72b9d2d29132a30cd2507de0864be1e78718c3db61bd2cf757b6e7ae6d28c2a73a2f271f72c7bb57775322075a10bf040a

  • SSDEEP: 12288:Fy90N4KlDqZo5TKi1/LCs0tp77MT9GAu/NW76LVAOkIfzhapL9o8roQ2D:FyI4Mq3iNpw77Hr/NW76pAAhVN

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks