General

  • Target

    779e567905af383de5280f0257c493124887efe6b2b0570dbe648bbe9619cf7a

  • Size

    695KB

  • Sample

    230425-pgg12aca9s

  • MD5

    a8ce422b604bf966ff551cdae918df1e

  • SHA1

    4254f6990b3a8a5a6a5df31bd6a214b957f45560

  • SHA256

    779e567905af383de5280f0257c493124887efe6b2b0570dbe648bbe9619cf7a

  • SHA512

    1fbaea554de1d0c7496e9782bc5994ed229e6db8051e5b4c02ed51a2d82ef12be86f1561d1295929d013fb424eef167243f079c7f7a598735c10b8603aae4e79

  • SSDEEP

    12288:Ay902ddFjT6ZiFLo5SUgVKCeuNjRvN02WNUR5zLkkxvKhAOtBIp:AyjddvdfV7PNjRVhWNe5zLkKvw/Ip

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks