General

  • Target

    9ddbf2fcfdf520d0d1a8c4bdb347ae4bb0ba2d6a574591f8606a9e236f4aa1d5

  • Size

    694KB

  • Sample

    230421-13jmjaac36

  • MD5

    4c1daf3058cbb316e31e6c75bfb58641

  • SHA1

    266f0d827b382525d6b5619408d0f4b41eccfae6

  • SHA256

    9ddbf2fcfdf520d0d1a8c4bdb347ae4bb0ba2d6a574591f8606a9e236f4aa1d5

  • SHA512

    cb44579dce9320341df59ffb6a407e82a38a76c0bc717ea1b1a831d2456065f07ee5d0c563422554d0802c7e88e343b4b59c9bd5cdcbd57b8bca84e7fc33a2d2

  • SSDEEP

    12288:Ky90tZT8TvEgRPU5eWbdJWs83i09WdBtDWT7Dd2aexPBjczEq980:Ky2ZT4TJU5eWbKVWXWhQZFj0

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks