General

  • Target

    85668e50e43c6e8092232db81eb943a9e30f12eb540017a3283428949b164a45

  • Size

    712KB

  • Sample

    230504-sp7s7sdc75

  • MD5

    2cf9032670f193d7ff08bfdcd8700485

  • SHA1

    93d6d68d4e6fb8e0e30c6116bd23cff208274955

  • SHA256

    85668e50e43c6e8092232db81eb943a9e30f12eb540017a3283428949b164a45

  • SHA512

    8bd878823f54e646eb479008c7eab835e77ef6bfb27a0f46932531a2ed6a4ccb1e9eb43e0b0623d7e61ab5496fbf3cb7feaca956fd0858af4f1ff579b4a98648

  • SSDEEP

    12288:CMrDy90drbyARFB1zts6QHQI7/pCLh/mA12Aqo2GL0tSwGRY7:ByOjg7wq+eA12G2GL+SwL7

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks