General

  • Target: d8367777c05a8973d1ec20f2bf9c0d9908fbae476259209f93e90f7c0ea39e25
  • Size: 695KB
  • Sample: 230425-xwsebaec7z
  • MD5: 2fda2bbfa6c8b693d069b2acc099195c
  • SHA1: 5ed21d32853c79a205001c52091a6ee62f8e8cf3
  • SHA256: d8367777c05a8973d1ec20f2bf9c0d9908fbae476259209f93e90f7c0ea39e25
  • SHA512: a927be850ad44834bf170df47252780f1cd43db92c4a3130af2e3932d600b0f48f257045829ac286ebc6f6aa70e5b8e4468fd0cfbe40082beb1d3073f05235eb
  • SSDEEP: 12288:+y90pQ2ToWFVRL0L2NoFhMdzpw1HqlniLVdUN0cRgbPZiBQuyWNYGQ8hCg:+yGTo0Vd0kmhMdzGHqlCdUeXbuNOI

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
