Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    861147121d89a1e196513449a59f487fb2c5b0aa3d900fb83206b1bcd802b47e

  • Size

    1.2MB

  • Sample

    230504-tzwz5afe81

  • MD5

    de45c16b250f8686ff14a8a6bfa8db42

  • SHA1

    866e1a36145a42de5061be8412a5ec9d87ac5027

  • SHA256

    861147121d89a1e196513449a59f487fb2c5b0aa3d900fb83206b1bcd802b47e

  • SHA512

    ca43bffbaa6a65b36fedc5e1108938c2587a205658e886e757fc95d31f7546357790ca7945a0247eaedf6b99988150b9d31b1b3abc4a98c5bcdb4c73948b284d

  • SSDEEP

    24576:eygcBqqN1doDuGMj/yrmO3RP/HEJuYsyBwX/B4k7vucd9gEq3rfXU:tJqc1dofM2rmwPvpyBwXJJPz1q3r

Malware Config

Targets

    • Target

      861147121d89a1e196513449a59f487fb2c5b0aa3d900fb83206b1bcd802b47e

    • Size

      1.2MB

    • MD5

      de45c16b250f8686ff14a8a6bfa8db42

    • SHA1

      866e1a36145a42de5061be8412a5ec9d87ac5027

    • SHA256

      861147121d89a1e196513449a59f487fb2c5b0aa3d900fb83206b1bcd802b47e

    • SHA512

      ca43bffbaa6a65b36fedc5e1108938c2587a205658e886e757fc95d31f7546357790ca7945a0247eaedf6b99988150b9d31b1b3abc4a98c5bcdb4c73948b284d

    • SSDEEP

      24576:eygcBqqN1doDuGMj/yrmO3RP/HEJuYsyBwX/B4k7vucd9gEq3rfXU:tJqc1dofM2rmwPvpyBwXJJPz1q3r

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks