Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399

  • Size

    1.1MB

  • Sample

    230426-ad64esfg2z

  • MD5

    16f64efbbb9967a1e7a576b6620ba8d6

  • SHA1

    0e77fd21e28ae020095a6c539efc15130f0acf83

  • SHA256

    7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399

  • SHA512

    6a4ce6b62251760cb6ac5e4f5d94e16c5e18f1e7016b549ba3844b7c5211563f9a60c495458f62947828f23799a2eb605d365922f4895aff0f13bb816163c308

  • SSDEEP

    12288:Zy904VyUcW3jgK7b87WRBNsph3baHwgtv03ZeZ9FxN2/uEw2i9DyxoNw3LAxHWW+:ZyxVnRmyBo1XgZOSXNZb6Fqj8bsjISe

Malware Config

Targets

    • Target

      7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399

    • Size

      1.1MB

    • MD5

      16f64efbbb9967a1e7a576b6620ba8d6

    • SHA1

      0e77fd21e28ae020095a6c539efc15130f0acf83

    • SHA256

      7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399

    • SHA512

      6a4ce6b62251760cb6ac5e4f5d94e16c5e18f1e7016b549ba3844b7c5211563f9a60c495458f62947828f23799a2eb605d365922f4895aff0f13bb816163c308

    • SSDEEP

      12288:Zy904VyUcW3jgK7b87WRBNsph3baHwgtv03ZeZ9FxN2/uEw2i9DyxoNw3LAxHWW+:ZyxVnRmyBo1XgZOSXNZb6Fqj8bsjISe

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks