General

  • Target: d133ac83e4a948a8ae1a22c7a4a9c634dc6ee9d6fed0215634f3e5b91c17a09e

  • Size: 695KB

  • Sample: 230426-nmxs1agh97

  • MD5: 420518a1f5fbbb83601d7a3d9c051c54

  • SHA1: 70c5465e14d0cb849be17d6e0b49fcbda019aaf2

  • SHA256: d133ac83e4a948a8ae1a22c7a4a9c634dc6ee9d6fed0215634f3e5b91c17a09e

  • SHA512: 905e9d85e01616120e59f808ef9dd5cb80a6d2cd2fc95d060b70a6eb385063065632f08945031d36985c4d25ecbb51bce28af5d27ac704e4925b279648e4f46d

  • SSDEEP: 12288:my90TB/V9RZua9J0eWWoDlk3nMqDGCWW9Ur9pgGeQ1ZRhu5H40iD3e7bbEiLUmrP:mykZnxuDlk3MyGCWW9UEGemjUJ8e7b/1

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks