General

  • Target

    eff6620dc355ad9045ad87513a6580ee6fd06b2c4212ecafbc03b400c313750c

  • Size

    600KB

  • Sample

    230504-m1rngabg86

  • MD5

    af56a6416e595ff9c6957136e7d3176e

  • SHA1

    cca7e406aa0faa9c66490ac36de178b0da599f2d

  • SHA256

    eff6620dc355ad9045ad87513a6580ee6fd06b2c4212ecafbc03b400c313750c

  • SHA512

    b7b881fd1a398b6aff02cf9bd3821722ecfc24d137a3466ae77796d4fd6821296c309952510c65c357d275fbc1725cb93ae067045df379df44832fe1463184bb

  • SSDEEP

    12288:UMrvy90rkQ5VdcInz8dL+TowmTaunnXUGRsFv9u2XMXmHmv6:7ygk8FnzLeaenXUG+HHXCuz

Malware Config

Targets

    • Target

      eff6620dc355ad9045ad87513a6580ee6fd06b2c4212ecafbc03b400c313750c

    • Size

      600KB

    • MD5

      af56a6416e595ff9c6957136e7d3176e

    • SHA1

      cca7e406aa0faa9c66490ac36de178b0da599f2d

    • SHA256

      eff6620dc355ad9045ad87513a6580ee6fd06b2c4212ecafbc03b400c313750c

    • SHA512

      b7b881fd1a398b6aff02cf9bd3821722ecfc24d137a3466ae77796d4fd6821296c309952510c65c357d275fbc1725cb93ae067045df379df44832fe1463184bb

    • SSDEEP

      12288:UMrvy90rkQ5VdcInz8dL+TowmTaunnXUGRsFv9u2XMXmHmv6:7ygk8FnzLeaenXUG+HHXCuz

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks