General

  • Target

    b60d996062d1f8ab304a751ceb3a69e4802311273c020d74be4e2d85a538d13f

  • Size

    705KB

  • Sample

    230423-nec4maef31

  • MD5

    4f8181e74776ed9e1a4bdcdab364eba8

  • SHA1

    4f0c5ba0c3f941dcdf54c7db93e1f6a22371c042

  • SHA256

    b60d996062d1f8ab304a751ceb3a69e4802311273c020d74be4e2d85a538d13f

  • SHA512

    1cdbd14c6e9e8655973af8fc2411d098daf3ae9fdd8f116e76cb7e6f7748474e6e2124e417c999fed8c1f99c5d9ad7e9d329702752463cfbeca7309fc1e954ac

  • SSDEEP

    12288:Gy905daqWA6tuf7YZUt4xBZM5nfzQR8vLb1g23oyzPmZhedd0R7JQGf:Gygdaqv6tU6UtZ5fzI8vLbRYyGh0ChJJ

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks