General

  • Target

    008e60929d75547cc1b3d1bb936b0c97785b3509480e29386ef1f654d7c8419b

  • Size

    936KB

  • Sample

    230420-kwkcgsaf8v

  • MD5

    136f3fb9fc54ff50078f5445e3412901

  • SHA1

    3cbb39153874e171518e228d56944ad8f6f4f28b

  • SHA256

    008e60929d75547cc1b3d1bb936b0c97785b3509480e29386ef1f654d7c8419b

  • SHA512

    374abce1c160b9feeec8a07a26c2d0d70d5657c16e4e384970b7385fd0fd4622f1a0a495c292721e1cc5130b20dcdb0ef9db7f45e17813c146deb6ffb0bc2d95

  • SSDEEP

    24576:6ymeJmcrbYDmd93hFRw3FTa567WgrqDVI:BbmCMDiRWFG0q

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks