General

  • Target

    cd3bb4ff90981401f49759737c0875f33a6fe867bf6f97a80f8928f939b0ee43

  • Size

    376KB

  • Sample

    230504-2cm3pshc8x

  • MD5

    8bbe0988340bd11c9d35a27443f81be0

  • SHA1

    20f0a3f6de695d0c6576d7ec8c6b4dd032b6f69c

  • SHA256

    cd3bb4ff90981401f49759737c0875f33a6fe867bf6f97a80f8928f939b0ee43

  • SHA512

    94ac5c264c11330bd45fb617818e47024d86d799ab27985e93fffdb2464f776717903218b69241d0fdb7f8c23f03ceac7ad8154bc84a293ad53ab09a49315671

  • SSDEEP

    6144:KDy+bnr+Qp0yN90QEwPYchSFizSdMX+axf1spdKw0Ka+UcE7ok:9Mr8y90uQ1KSdeXQgw3+7j

Malware Config

Targets

    • Target

      cd3bb4ff90981401f49759737c0875f33a6fe867bf6f97a80f8928f939b0ee43

    • Size

      376KB

    • MD5

      8bbe0988340bd11c9d35a27443f81be0

    • SHA1

      20f0a3f6de695d0c6576d7ec8c6b4dd032b6f69c

    • SHA256

      cd3bb4ff90981401f49759737c0875f33a6fe867bf6f97a80f8928f939b0ee43

    • SHA512

      94ac5c264c11330bd45fb617818e47024d86d799ab27985e93fffdb2464f776717903218b69241d0fdb7f8c23f03ceac7ad8154bc84a293ad53ab09a49315671

    • SSDEEP

      6144:KDy+bnr+Qp0yN90QEwPYchSFizSdMX+axf1spdKw0Ka+UcE7ok:9Mr8y90uQ1KSdeXQgw3+7j

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs at all.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, session cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
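
The signatures above describe registry and file-system artefacts that an incident responder can check on a suspect host, and the General section gives the hashes that tie a file on disk to this report. The following PowerShell script is an added example written for this page; it is not part of the tria.ge report and not code from the sample. The registry locations are the well-known ones for each behaviour (Defender Real-Time Protection policy, Run/RunOnce keys, the Geo\Nation GeoID, the Uninstall key), which is an assumption about where this particular sample looks; the sample path is a placeholder.

```powershell
# Added host-triage script for the behaviours listed in the report above.
# Not part of the tria.ge report. Registry locations are assumptions about
# where the sample looks; $SamplePath is a placeholder to adjust locally.
param(
    [string]$SamplePath = 'C:\Quarantine\sample.bin'
)

# Hashes copied from the report's General section.
$Expected = @{
    MD5    = '8bbe0988340bd11c9d35a27443f81be0'
    SHA1   = '20f0a3f6de695d0c6576d7ec8c6b4dd032b6f69c'
    SHA256 = 'cd3bb4ff90981401f49759737c0875f33a6fe867bf6f97a80f8928f939b0ee43'
}

# 1. Confirm the file on disk is the analysed sample before acting on the verdict.
if (Test-Path -LiteralPath $SamplePath) {
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $SamplePath -Algorithm $alg).Hash.ToLower()
        $status = if ($actual -eq $Expected[$alg]) { 'MATCH' } else { 'MISMATCH' }
        "{0,-6} {1} {2}" -f $alg, $status, $actual
    }
}

# 2. "Modifies Windows Defender Real-time Protection settings": a Disable* value
#    under the policy key switches real-time protection off; Get-MpPreference
#    reports the effective state (absent on hosts without the Defender module).
$rtp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
if (Test-Path $rtp) {
    Get-ItemProperty -Path $rtp |
        Select-Object DisableRealtimeMonitoring, DisableBehaviorMonitoring,
                      DisableOnAccessProtection, DisableScanOnRealtimeEnable
}
try { Get-MpPreference | Select-Object DisableRealtimeMonitoring, DisableBehaviorMonitoring }
catch { Write-Warning "Get-MpPreference unavailable: $($_.Exception.Message)" }

# 3. "Adds Run key to start application": list every Run/RunOnce entry and flag
#    commands that do not point into Program Files or Windows, the usual shape
#    of a dropped executable registered for persistence.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' }) {
        $suspicious = $p.Value -notmatch '^"?[A-Za-z]:\\(Program Files|Windows)'
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Suspicious = $suspicious }
    }
}

# 4. "Checks computer location settings": the GeoID the sample most likely reads.
#    Nation is a numeric GeoID (244 = United States); Name (ISO 3166 alpha-2)
#    is present only on newer Windows builds.
Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue |
    Select-Object Nation, Name

# 5. "Checks installed software on the system": the same Uninstall enumeration
#    the sample performs, so you can see what it could have learned (security
#    products, VM tools, wallet software).
$uninstall = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName -Unique
```

Run it in an elevated PowerShell session on the host under investigation. Treat only the SHA256 match as proof that the file is the analysed sample; MD5 and SHA1 are listed for pivoting to other sources, not as evidence on their own. A Suspicious = True Run entry is a lead, not a verdict: compare its command against the dropped-file paths in the report's process tree before removing it.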

MITRE ATT&CK Enterprise v6

Tasks