General

  • Target

    d17d0b57a6a3bd38015cca851b78f920e270aca5d8cfef342e46bbfab5318035

  • Size

    936KB

  • Sample

    230420-tpecbsch7x

  • MD5

    9903dd89794fdf8444ac4d8af3a001ba

  • SHA1

    a9f1ff7f86778382d45f940a3cbfd5a7c6dfe87b

  • SHA256

    d17d0b57a6a3bd38015cca851b78f920e270aca5d8cfef342e46bbfab5318035

  • SHA512

    bf0ca839461b5571fdfd780a039f7cfe43ce6b0db3eba3584880a7c8a12fc2bfbf9a85b245f5e06137d2a1ae179479b07dbb4d04e4ee50bdc378d10e62cfbb12

  • SSDEEP

    12288:Uy90O0YgstBQ/C41aKjigUvDUjrx/x9mAl8C9+P0+VM/d8OCfsX5is34mEAwJmFj:UyQ2zTkrr9m45kP1Vgd8HfsXdKJmuw

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
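
The signature names above are the sandbox's own, but the report does not show which registry keys or files each one fires on. The following Python is an added example, not Triage's signature engine: it replays a constructed, hypothetical event trace (registry and file operations of the kind a sandbox records) and maps it onto the same signature names. The paths each rule matches (the Defender Real-Time Protection policy values, Geo\Nation, the Run key, the Uninstall key, browser credential stores and wallet files) are this example's assumptions about what those signatures look for, and the two "dropped" signatures are derived statefully from files the sample itself wrote, since a path pattern alone cannot tell a dropped binary from a legitimate one.

```python
"""Added example (not Triage's signature code): classify a sandbox event trace
into the behavioural signatures listed in this report.

The event trace and the registry/file paths each rule matches are this
example's own assumptions about what those signatures look for.
"""
import re

# (signature name as it appears in the report, operations it applies to,
#  case-insensitive regex over the event path)
RULES = [
    ("Modifies Windows Defender Real-time Protection settings",
     {"RegSetValue"},
     re.compile(r"\\Windows Defender\\Real-Time Protection\\"
                r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
                r"DisableIOAVProtection)$", re.I)),
    ("Checks computer location settings",
     {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Adds Run key to start application",
     {"RegSetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
                re.I)),
    ("Checks installed software on the system",
     {"RegEnumKey", "RegQueryValue"},
     re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
                r"\\Uninstall(\\|$)", re.I)),
    ("Reads user/profile data of web browsers",
     {"FileRead"},
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"FileRead"},
     re.compile(r"\\(wallet\.dat|exodus\.wallet|Electrum\\wallets)(\\|$)", re.I)),
]


def match_signatures(events):
    """Return {signature name: [paths that triggered it]} for an event trace.

    Each event is a dict with "op" (RegSetValue, RegQueryValue, RegEnumKey,
    FileWrite, FileRead, ImageLoad, ProcessCreate) and "path".
    """
    dropped = set()   # files the sample wrote; used for the "dropped" rules
    hits = {}
    for ev in events:
        op, path = ev["op"], ev["path"]
        if op == "FileWrite":
            dropped.add(path.lower())
            continue
        # Stateful rules: executing/loading a file the sample itself created.
        if op == "ProcessCreate" and path.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(path)
            continue
        if op == "ImageLoad" and path.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(path)
            continue
        # Stateless path rules.
        for name, ops, rx in RULES:
            if op in ops and rx.search(path):
                hits.setdefault(name, []).append(path)
    return hits


# Constructed trace (assumption: not taken from the real sample's run).
SAMPLE_TRACE = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "RegSetValue", "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                                  r"\Real-Time Protection\DisableRealtimeMonitoring"},
    {"op": "FileWrite", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "FileWrite", "path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    {"op": "ImageLoad", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "ProcessCreate", "path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    {"op": "RegSetValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\stage2"},
    {"op": "RegEnumKey", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "FileRead", "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"
                               r"\Default\Login Data"},
    {"op": "FileRead", "path": r"C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat"},
    # Benign noise: a common shell-folder lookup that must not trigger anything.
    {"op": "RegQueryValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion"
                                    r"\Explorer\Shell Folders"},
]

if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

The generic "Windows security modification" signature is deliberately not modelled: it is a catch-all on the page with no stated trigger, and a rule for it would be guesswork.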

MITRE ATT&CK Enterprise v6

Tasks