General

  • Target

    3c9d69abfeb5614351d8c5fb910137c1ac7e2ca74c29f8b98dc7f3254cc743b8

  • Size

    376KB

  • Sample

    230505-ns2n5sbh41

  • MD5

    4db589dcc07b7ac23361bc2020bc35c9

  • SHA1

    d55c9f34a7feba1573882a673185a7eada7fc372

  • SHA256

    3c9d69abfeb5614351d8c5fb910137c1ac7e2ca74c29f8b98dc7f3254cc743b8

  • SHA512

    d2ceeb3bb799baa250ed7e2de6383c47d336d59be32cf7f6c2e0cf35d6912652e54581b21b275abd26d92a65f79204a1de32091443a4ad57f2e144de6aae3ffb

  • SSDEEP

    6144:Kgy+bnr+Cp0yN90QEfEuHX/d8Kk1jvg21mc4zwbFHCbcqhdEiAt39mg:UMrey90au3l8621EwpiDhaiAt31

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
