
General

  • Target

    85127b610109dfae658d53c0185632d636b2892a6fbf59032828dd4488a6790c

  • Size

    1.2MB

  • Sample

    230423-x4y7tsha61

  • MD5

    8ce198d04f3241c763bb68e71bd20139

  • SHA1

    4596818cde4b5e135a5945c138334909a14b0310

  • SHA256

    85127b610109dfae658d53c0185632d636b2892a6fbf59032828dd4488a6790c

  • SHA512

    54806b788fd78007fe977bab0ac8b2f38939086385b779da3305a955828dd0af87ab7b637333eb83b798cf3c1b2983b735f7314aaccf4bb659fa3690f19da2c2

  • SSDEEP

    24576:JLJQ+aYD/kHU5ClpZ1SKDtJttwyf6ws1tJ+cJGuFFw:JtQbWAJpsAX6JZJG8

Malware Config

Targets

    • Target

      85127b610109dfae658d53c0185632d636b2892a6fbf59032828dd4488a6790c

    • Size

      1.2MB

    • MD5

      8ce198d04f3241c763bb68e71bd20139

    • SHA1

      4596818cde4b5e135a5945c138334909a14b0310

    • SHA256

      85127b610109dfae658d53c0185632d636b2892a6fbf59032828dd4488a6790c

    • SHA512

      54806b788fd78007fe977bab0ac8b2f38939086385b779da3305a955828dd0af87ab7b637333eb83b798cf3c1b2983b735f7314aaccf4bb659fa3690f19da2c2

    • SSDEEP

      24576:JLJQ+aYD/kHU5ClpZ1SKDtJttwyf6ws1tJ+cJGuFFw:JtQbWAJpsAX6JZJG8

    • Modifies Windows Defender Real-time Protection settings

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation); this is the usual basis for a geofence that aborts execution in unwanted regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the per-user equivalent) to list installed software, typically to fingerprint the host or to spot analysis tools and security products.
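Two of the signatures above, the Run key persistence and the change to Windows Defender real-time protection, are registry writes, so they can be found in host telemetry without a sandbox. The following Python is an added example (not part of the tria.ge report or its tooling): it scans Sysmon-style Event ID 13 (RegistryEvent SetValue) records for those two behaviours and labels each hit with the signature name used in this report. The events, process names and SID are constructed placeholders, not data from this sample. The other signatures (country code lookup, Uninstall enumeration, browser profile reads) are registry and file reads and do not produce SetValue events, which is why they need sandbox-level API tracing rather than this kind of log rule.

```python
import re
from dataclasses import dataclass

# Constructed sample events shaped like Sysmon Event ID 13 (RegistryEvent SetValue).
# Process images, the SID and the persistence path are placeholders for illustration.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Same value set back to 0 (protection re-enabled): must not be flagged.
    {"EventID": 13,
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # An installer writing its own Uninstall entry: ordinary activity, not flagged.
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor App\DisplayName",
     "Details": "Vendor App"},
]

# Value written directly under a Run/RunOnce key (HKLM or any HKU hive).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
# Defender kill switches: the Disable* values under Real-Time Protection, and the
# top-level DisableAntiSpyware policy value. Matches both the Policies\ and the
# non-policy SOFTWARE\Microsoft\ paths, since both contain "Windows Defender\".
DEFENDER_DISABLE = re.compile(
    r"\\Windows Defender\\(Real-Time Protection\\Disable\w+|DisableAntiSpyware)$", re.I)
# Sysmon renders DWORD data as "DWORD (0x00000001)"; only a non-zero value disables.
DWORD_NONZERO = re.compile(r"DWORD \(0x0*[1-9a-f][0-9a-f]*\)", re.I)


@dataclass
class Finding:
    signature: str   # signature name as listed in the sandbox report
    technique: str   # current ATT&CK sub-technique id (the report's own mapping
                     # uses Enterprise v6, which predates sub-technique ids)
    image: str       # process that performed the write
    target: str      # registry value that was set


def detect_registry_behaviours(events):
    """Return one Finding per SetValue event matching a report signature."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = ev["TargetObject"]
        details = ev.get("Details", "")
        if RUN_KEY.search(target):
            findings.append(Finding("Adds Run key to start application",
                                    "T1547.001", ev["Image"], target))
        elif DEFENDER_DISABLE.search(target) and DWORD_NONZERO.fullmatch(details):
            findings.append(Finding("Modifies Windows Defender Real-time Protection settings",
                                    "T1562.001", ev["Image"], target))
    return findings


if __name__ == "__main__":
    for f in detect_registry_behaviours(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.signature}: {f.image} -> {f.target}")
```

The Defender rule deliberately requires a non-zero DWORD so that re-enabling protection (or Group Policy refreshing a compliant value) does not fire; the Run key rule intentionally fires on any write, because triaging every new autostart entry from a Temp-path process is cheap compared with missing the persistence that the sandbox reported here.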

MITRE ATT&CK Enterprise v6