General

  • Target

    04011991fcd54bb4cb7b3ea50d109eb0f312398e98ccb883ff81678aa11353dd

  • Size

    376KB

  • Sample

    230505-e11mdaac4t

  • MD5

    2506983bf103044d04143996a47e4bcf

  • SHA1

    d1f94018c17fbdab3abdf3a83ff3c480c1bc0485

  • SHA256

    04011991fcd54bb4cb7b3ea50d109eb0f312398e98ccb883ff81678aa11353dd

  • SHA512

    657dd57ad1c657b044e64a7a38604e3fd7718b8365e0b4804b2a7cbddba2cfeea5f197590b78f6f79e9b8cc517932effc871685d63c2b26130e195d59c6c4d1e

  • SSDEEP

    6144:Kby+bnr+jp0yN90QE9zstN9Hk511yU0FgjRPc+mJincoOvT3bn:FMrvy90Xq7HQ1yU04x6inYvT7

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
