Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e880b99e91de800b12dd46878fef0298b1c62138d7841518074ca801f013fd17

  • Size

    1.1MB

  • Sample

    230426-dytwdaef64

  • MD5

    dca4eb79178f8d91b66ad8eb8d784ac6

  • SHA1

    835532255d8909c4b04034aa41d58554fd28365c

  • SHA256

    e880b99e91de800b12dd46878fef0298b1c62138d7841518074ca801f013fd17

  • SHA512

    3a2efea49ad13dc04e8f34a0dff8234c9755869d4ad3063e4a363cc3cf619ecc90b778aadb907e32da003307d914048f076249c1cebcaf9daa79cf911baac7ef

  • SSDEEP

    24576:tyhldDeNpw2+x1sEyLZtmcdkY2WGp/KX6Fvz8bT9IyPNIe6uw:Ihzan1ECEyLZtmq52H9Bv4Huy2Z

Malware Config

Targets

    • Target

      e880b99e91de800b12dd46878fef0298b1c62138d7841518074ca801f013fd17

    • Size

      1.1MB

    • MD5

      dca4eb79178f8d91b66ad8eb8d784ac6

    • SHA1

      835532255d8909c4b04034aa41d58554fd28365c

    • SHA256

      e880b99e91de800b12dd46878fef0298b1c62138d7841518074ca801f013fd17

    • SHA512

      3a2efea49ad13dc04e8f34a0dff8234c9755869d4ad3063e4a363cc3cf619ecc90b778aadb907e32da003307d914048f076249c1cebcaf9daa79cf911baac7ef

    • SSDEEP

      24576:tyhldDeNpw2+x1sEyLZtmcdkY2WGp/KX6Fvz8bT9IyPNIe6uw:Ihzan1ECEyLZtmq52H9Bv4Huy2Z

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks