Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    aa68e294c702b7cc06d926c50481c55a2b9504553fe2fe7d2db91b0c19629804

  • Size

    704KB

  • Sample

    230422-m2bzeaee28

  • MD5

    85cd913eabbb97481d76852c19a7c0dc

  • SHA1

    a8dab04418cf1090a5ae11fcb7294f6e14c5bd63

  • SHA256

    aa68e294c702b7cc06d926c50481c55a2b9504553fe2fe7d2db91b0c19629804

  • SHA512

    c61af6c332364e71d576204f362a3a8def9d54efd8b8fc88bc9ceffaa02a1d0579b33770db72f6c0dab09dcaae6ec2535f45427c42af92af0e97ce73503efd3e

  • SSDEEP

    12288:Qy903W8ddMoKDOaDiQ9TsnalPY6NIywS5TxE9OHOR+66fcq8iF0sU+ZfX:QyS45GETsnaldIOEYuwrFxU4fX

Malware Config

Targets

    • Target

      aa68e294c702b7cc06d926c50481c55a2b9504553fe2fe7d2db91b0c19629804

    • Size

      704KB

    • MD5

      85cd913eabbb97481d76852c19a7c0dc

    • SHA1

      a8dab04418cf1090a5ae11fcb7294f6e14c5bd63

    • SHA256

      aa68e294c702b7cc06d926c50481c55a2b9504553fe2fe7d2db91b0c19629804

    • SHA512

      c61af6c332364e71d576204f362a3a8def9d54efd8b8fc88bc9ceffaa02a1d0579b33770db72f6c0dab09dcaae6ec2535f45427c42af92af0e97ce73503efd3e

    • SSDEEP

      12288:Qy903W8ddMoKDOaDiQ9TsnalPY6NIywS5TxE9OHOR+66fcq8iF0sU+ZfX:QyS45GETsnaldIOEYuwrFxU4fX

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks