General

  • Target

    6cb06bf42337a4b6a68da3532428bbcfd9fb99e7f12fe6a14066b68e426b6c8f

  • Size

    376KB

  • Sample

    230504-3x28sshe8v

  • MD5

    4a77b05604987f73c3f8b541acbff82f

  • SHA1

    4abbb135c82f0126e14703ef4c7c2b43a78b770d

  • SHA256

    6cb06bf42337a4b6a68da3532428bbcfd9fb99e7f12fe6a14066b68e426b6c8f

  • SHA512

    e332372211730551fc3debbc550fed2c987ed7237733d49abfb6db6864f0afc0915a0dfa1f798f859dbcc93f2b28f40902dde6f67002db76ce36a88ba316625f

  • SSDEEP

    6144:Kwy+bnr+Jp0yN90QEnN9zzyJMc6Wock68zOcKt+BMsYLiRRv3cmF4a/CaxH6rTIC:QMrRy90hbJck6O7KsB5J+a/CaxH6rT+8

Targets

    • Target

      6cb06bf42337a4b6a68da3532428bbcfd9fb99e7f12fe6a14066b68e426b6c8f

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
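The signatures above are all keyed on registry activity: Defender policy writes, a Run key value, a read of the configured country code, and enumeration of the Uninstall key. Below is an added example (not code from tria.ge or from the sample's report) that shows how such registry-access records can be mapped back to those signature names. The record format (`RegEvent`), the process image names, the SID and the trace itself are constructed for the example, and the registry paths used in the rules are the locations these behaviours are commonly associated with, not the sandbox's own rule definitions; folding `HKU\<SID>` into `HKCU` and stripping `WOW6432Node` are normalisation choices made here so that one rule covers each location's usual spellings.

```python
import re
from dataclasses import dataclass


# Constructed record format (assumption: not tria.ge's export schema). Each
# record is one registry operation observed for the sample's process tree.
@dataclass(frozen=True)
class RegEvent:
    image: str          # process image that performed the operation
    op: str             # "SetValue", "QueryValue" or "EnumKey"
    path: str           # registry key path with an HKLM/HKCU/HKU-style root
    value: str = ""     # value name for SetValue/QueryValue
    data: str = ""      # written data for SetValue, e.g. "DWORD (0x00000001)"


# Key locations the signatures are keyed on here (assumption: the sandbox's
# own rules may cover additional paths).
DEFENDER_ROOT = r"HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS DEFENDER"
DEFENDER_RTP = DEFENDER_ROOT + r"\REAL-TIME PROTECTION"
RUN_KEYS = (r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
            r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE")
GEO_KEY = r"HKCU\CONTROL PANEL\INTERNATIONAL\GEO"
UNINSTALL_KEY = r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL"

SIG_DEFENDER_RTP = "Modifies Windows Defender Real-time Protection settings"
SIG_SECURITY = "Windows security modification"
SIG_RUN_KEY = "Adds Run key to start application"
SIG_GEO = "Checks computer location settings"
SIG_UNINSTALL = "Checks installed software on the system"


def normalize_key(path: str) -> str:
    """Upper-case the path, canonicalise root names, fold per-user hives
    (HKU\\<SID>) into HKCU and drop the WOW6432Node redirection."""
    p = path.upper()
    p = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", p)
    p = re.sub(r"^HKEY_CURRENT_USER", "HKCU", p)
    p = re.sub(r"^(?:HKEY_USERS|HKU)\\S-[0-9-]+", "HKCU", p)
    return p.replace(r"\WOW6432NODE", "")


def dword_nonzero(data: str) -> bool:
    """True when a logged DWORD ("1", "0x1", "DWORD (0x00000001)") is non-zero."""
    m = re.search(r"0X([0-9A-F]+)|(\d+)\s*\)?\s*$", data.strip().upper())
    if not m:
        return False
    return int(m.group(1), 16) != 0 if m.group(1) else int(m.group(2)) != 0


def classify(ev: RegEvent) -> list[str]:
    """Return the signature names a single registry operation triggers."""
    p = normalize_key(ev.path)
    v = ev.value.upper()
    hits: list[str] = []
    if ev.op == "SetValue" and p.startswith(DEFENDER_ROOT):
        # Disabling real-time protection is its own signature; any other
        # Defender policy write falls under the broader security-modification one.
        if p.startswith(DEFENDER_RTP) and v.startswith("DISABLE") and dword_nonzero(ev.data):
            hits.append(SIG_DEFENDER_RTP)
        else:
            hits.append(SIG_SECURITY)
    if ev.op == "SetValue" and p.endswith(RUN_KEYS):
        hits.append(SIG_RUN_KEY)
    if ev.op == "QueryValue" and p == GEO_KEY and v == "NATION":
        hits.append(SIG_GEO)
    if ev.op in ("EnumKey", "QueryValue") and UNINSTALL_KEY in p:
        hits.append(SIG_UNINSTALL)
    return hits


def report(events: list[RegEvent]) -> dict[str, list[int]]:
    """Map each triggered signature to the indexes of the events behind it."""
    out: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for sig in classify(ev):
            out.setdefault(sig, []).append(i)
    return out


def signatures(events: list[RegEvent]) -> list[str]:
    return sorted(report(events))


# Constructed sample trace (not taken from the report above); image names,
# value names and the SID are made up.
SAMPLE_EVENTS = [
    RegEvent(r"C:\Users\Public\upd.exe", "SetValue",
             r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    RegEvent(r"C:\Users\Public\upd.exe", "SetValue",
             r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
             "Updater", r"C:\Users\Public\upd.exe"),
    RegEvent(r"C:\Users\Public\upd.exe", "QueryValue",
             r"HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\International\Geo", "Nation"),
    RegEvent(r"C:\Users\Public\upd.exe", "EnumKey",
             r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegEvent(r"C:\Windows\explorer.exe", "SetValue",
             r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
             "Hidden", "DWORD (0x00000001)"),  # benign: no rule should fire
    RegEvent(r"C:\Users\Public\upd.exe", "SetValue",
             r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender",
             "DisableAntiSpyware", "DWORD (0x00000001)"),
]

if __name__ == "__main__":
    for sig, idx in report(SAMPLE_EVENTS).items():
        print(f"{sig}: events {idx}")
```

The classifier keeps the event indexes per signature rather than just a yes/no, so a triage note can cite the exact operation (and, through `image`, the process) that caused each hit; the benign `Explorer\Advanced` write is included to show that ordinary `SetValue` traffic does not trip the Run key or Defender rules.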
