General

  • Target: 94ec63d53685ff39acbf43143cc01f43b987e4eb47f8febcd26d2f2fd5f300d4
  • Size: 691KB
  • Sample: 230426-wt2drsba86
  • MD5: 2939af54ec7ac240a0e1ecc621ad8e43
  • SHA1: a4cc3713140198dbfb6b52df85dea79f94e2998c
  • SHA256: 94ec63d53685ff39acbf43143cc01f43b987e4eb47f8febcd26d2f2fd5f300d4
  • SHA512: eaa4d3377320205811466d4c5fab57300f5d2413b785fdf29fde29bfcb891626f4b0e5e153e10d1ca6bec37711c696b4c30edacdc6b9e2edf414932ca3d3240d
  • SSDEEP: 12288:1y90cDclXnR7Qwgx4A0LJuqLuZB/Sve2M7CGKANBfbzV/6u/m4kO:1yzKXnOw64NuqLAE22fANZbz3b

Targets

    • Modifies Windows Defender Real-time Protection settings
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext
