General

  • Target: b80efe78c764b4a3229e08b9aa39c211a1cbe0bba811a7273f4e0483df6f038a
  • Size: 693KB
  • Sample: 230425-sze6yada6x
  • MD5: 99f7d0f17c893682c6ae54f3c4b9bd44
  • SHA1: 26ce329be648d6e24fc556c0655c3f9e1a468e9c
  • SHA256: b80efe78c764b4a3229e08b9aa39c211a1cbe0bba811a7273f4e0483df6f038a
  • SHA512: b32078e0cbff78101620cf6b3f633409474b0be77bde5a37da5388281ecdb7c50182e7870d4912d5ceac517a36756d97aabfcf91e872081ca8ecd4c3990a04be
  • SSDEEP: 12288:3y90i9nge53vwSXxiJyCjhq8AMaQufNr87BPF3DFJ9Nj0ttQ/lYEDCWeYpqffCoZ:3ytgKNXxCjhqyDEZ87BPlYAl7Vb2qoZb

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks