General

  • Target

    1908ac4f8a73b733d73aa9b96cdee546d683be181a2c223a030c4c64963a83f7

  • Size

    479KB

  • Sample

    230505-3b7w6ahd3x

  • MD5

    9d80832735ae71fd82bdc1af3f595c80

  • SHA1

    7e41c144a09352b91a0950509fe337794d4616c7

  • SHA256

    1908ac4f8a73b733d73aa9b96cdee546d683be181a2c223a030c4c64963a83f7

  • SHA512

    821cd36e86ac1cca2f2f2e0c46688447b618e12516471e32f53ecff44606e049e6bf36bab2f4b0911e171a6327ecf49ef5eafabd74073b8346d42ac8f3d07f26

  • SSDEEP

    12288:YMrZy90VMi7eiXRjEiiABpAI2yOWzKqASJ6iob27WqhEhB:ByvURQFABeUKqA663b27qhB

Malware Config

Targets

    • Target

      1908ac4f8a73b733d73aa9b96cdee546d683be181a2c223a030c4c64963a83f7

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
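
The bullets above are tria.ge signature names; the report does not show the underlying registry or file events. The following is an added example, not tria.ge's code and not the sandbox's rule set, showing how a triage analyst can map a raw event trace onto those same signature names. The event format (kind, path, data), the registry key and file path patterns behind each signature, and the sample trace itself are all constructed assumptions for illustration; in particular the Geo\Nation key, the Uninstall key, the Run/RunOnce keys and the Defender Real-Time Protection policy values are typical locations, not values taken from this report.

```python
"""Map sandbox-style registry/file events onto the behaviour signatures named in the report.

Added example, not tria.ge code. The event format, the key/path patterns and the
sample events below are constructed assumptions, not data taken from the report.
"""
import re
from collections import defaultdict

# (signature name as it appears in the report, event kinds that can trigger it,
#  case-insensitive regex over the event's target path, optional regex over the data).
# The registry keys and file names are assumptions about what each signature checks;
# the report names only the behaviour, not the exact key.
RULES = [
    ("Checks computer location settings",
     {"RegQueryValue", "RegOpenKey"},
     r"\\Control Panel\\International\\Geo\\", None),
    ("Checks installed software on the system",
     {"RegEnumKey", "RegOpenKey"},
     r"\\CurrentVersion\\Uninstall(\\|$)", None),
    ("Adds Run key to start application",
     {"RegSetValue"},
     r"\\CurrentVersion\\Run(Once)?\\", None),
    # Only a write that actually disables the feature counts (data must be "1").
    ("Modifies Windows Defender Real-time Protection settings",
     {"RegSetValue"},
     r"\\Windows Defender\\Real-Time Protection\\Disable\w+", r"^1$"),
    ("Reads user/profile data of web browsers",
     {"FileRead"},
     r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", None),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"FileRead"},
     r"\\(Electrum\\wallets\\|Exodus\\|wallet\.dat$)", None),
]
COMPILED = [
    (name, kinds, re.compile(path_re, re.I), re.compile(data_re) if data_re else None)
    for name, kinds, path_re, data_re in RULES
]


def match_signatures(events):
    """events: iterable of (kind, path, data) tuples. Returns {signature: [matching events]}."""
    hits = defaultdict(list)
    for kind, path, data in events:
        for name, kinds, path_re, data_re in COMPILED:
            if kind not in kinds or not path_re.search(path):
                continue
            if data_re and not data_re.search(data or ""):
                continue
            hits[name].append((kind, path, data))
    return dict(hits)


# Constructed sample trace (not from the report); paths are typical locations only.
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation", "244"),
    ("RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", ""),
    # Benign OS-version lookup: should match nothing.
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName", ""),
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r"C:\Users\user\AppData\Roaming\updater.exe"),
    ("RegSetValue",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "1"),
    # Same value written back to 0 (re-enabling): must not count as a modification hit.
    ("RegSetValue",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "0"),
    ("FileRead", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data", ""),
    ("FileRead", r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet", ""),
    ("FileRead", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json", ""),
]


def triage_summary(events=SAMPLE_EVENTS):
    """Sorted list of signature names fired by the trace."""
    return sorted(match_signatures(events))


if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for kind, path, data in evs:
            print(f"    {kind:<14} {path}  {data}")
```

The data check on the Defender rule is the part worth copying: a rule keyed on the value name alone would also fire on a write that re-enables real-time protection, which is the opposite of what the signature is meant to catch.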

MITRE ATT&CK Enterprise v6