General

  • Target: d6105ccc28b509efc8a9b6f8959374edde297e67cd8a1202ceb882b17cd3d03a

  • Size: 827KB

  • Sample: 230422-krge2adh59

  • MD5: ded363f5d3dee680962ed6d3415b74e1

  • SHA1: 3cdabba075f302a6a24ef4812640172ed24521cf

  • SHA256: d6105ccc28b509efc8a9b6f8959374edde297e67cd8a1202ceb882b17cd3d03a

  • SHA512: ae3ac6d762d1bd8ffce4d9c02eb62a46eb1e9dd4006347d18babb144b9830e4756308e60d3ef3584f5344e3cc1e31adb1e3dee4617979d9e3cc5cc1071d3024e

  • SSDEEP: 12288:yy90FMRjx3JbvoX0spC/DbyQ8T9sExE9JpOpuzu/LQ86KfQxZURrAZ/QWWQ+IY+V:yy4MRjxNDLbRQEPox1QxCr6QXQ9V

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
