General

  • Target

    34ee57585f7221603437ee9ecfad3310.exe

  • Size

    376KB

  • Sample

    230504-3pd61aff92

  • MD5

    34ee57585f7221603437ee9ecfad3310

  • SHA1

    488321cf023594fb4123fcc4cca7b7d9a0f8a7a3

  • SHA256

    aba34edf3f8e7f646f3050e5af11125e5907fa65e5cacb2e6382ce7f85fbbec1

  • SHA512

    c0102089ebd2a247764ee7b3039c7095672b80b52aac9320813dddbbf912ca7351fe8f7279f39a8c5db3efcba12d0e0e701937e117bd637eabdbdd33e08ac8c4

  • SSDEEP

    6144:K3y+bnr+8p0yN90QE8bpHtVzT59SrdctofAWi9JY:9MrMy902b3VzTvidcWx

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks