General

  • Target

    cec9665d5e09d5dc720f19ed20ca1f7a8ccd5e2c4be67f6a2fd1e20c60e71884

  • Size

    1.2MB

  • Sample

    230423-hx8elabg94

  • MD5

    688e08d83c63fc513c55458f391384f2

  • SHA1

    9aedfd7f0afc039917f94e95fd95c3431b63fbb4

  • SHA256

    cec9665d5e09d5dc720f19ed20ca1f7a8ccd5e2c4be67f6a2fd1e20c60e71884

  • SHA512

    97f14eff78dd765b7e206b38912f8e0cb29d4c7b410553ad084e115be45df41fa0854aa12914c154394863809c381fa42e739ec4c4e2c23ae6952ed3da9cfb61

  • SSDEEP

    24576:0Z/i8viZtNWceh50KP+8HInX9+nsbl54gOOm1J30y8zY:Ui86ZTu7tWntyshqgOOoS

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.