General

  • Target

    dd17d7aa07cb561ea18c7cc4ee6eee637fd81445209b6ad0de67bbb96fc04ad6

  • Size

    1.2MB

  • Sample

    230424-xkfw5sdh59

  • MD5

    e2c2a9a1c18b6bad839c3d3ba7b39b18

  • SHA1

    04d0cf38865535027c41e9bb521ad6618876ea11

  • SHA256

    dd17d7aa07cb561ea18c7cc4ee6eee637fd81445209b6ad0de67bbb96fc04ad6

  • SHA512

    3749eaf9c6b72c2b08acacc81d9de7aaf344cc441cf5410253b1b49457a4bc1fc1869523cdf5694dd9516d7fc6e858ac2eb0ac0f5efa6babaad753a401202b06

  • SSDEEP

    24576:pj3DX6L44JAoqyf2Bh1F/tSs8mL2U7wucjiw017bw1xq9poyMmem:pj76L+oqyf2Bl/ksdr754iw017bmw

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks