Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e62ff2838a876317e47b011471a777cd893c5214929d242d5d769f3de54dc59b

  • Size

    376KB

  • Sample

    230505-nwyfwsbh9s

  • MD5

    c0827adfc2e3d38eb20f53cd9edd4a72

  • SHA1

    2885da3885c3b51c445cc8100a1f57f81b8a0c26

  • SHA256

    e62ff2838a876317e47b011471a777cd893c5214929d242d5d769f3de54dc59b

  • SHA512

    b4570fc29128dac76e5730ed638eefe2a4a68d9971cc4c8fd45959319164cadfef2674ce3dcfb23897b7806b71ef3d90786b500458a664e5c7d6ccef41ff509a

  • SSDEEP

    6144:Kmy+bnr+3p0yN90QE4MO/uVMLigb6uAavzUZWvGamX66T5fejqCxjB:6MrXy90if/u+WgbZZzUZWvGamXZtf+r

Malware Config

Targets

    • Target

      e62ff2838a876317e47b011471a777cd893c5214929d242d5d769f3de54dc59b

    • Size

      376KB

    • MD5

      c0827adfc2e3d38eb20f53cd9edd4a72

    • SHA1

      2885da3885c3b51c445cc8100a1f57f81b8a0c26

    • SHA256

      e62ff2838a876317e47b011471a777cd893c5214929d242d5d769f3de54dc59b

    • SHA512

      b4570fc29128dac76e5730ed638eefe2a4a68d9971cc4c8fd45959319164cadfef2674ce3dcfb23897b7806b71ef3d90786b500458a664e5c7d6ccef41ff509a

    • SSDEEP

      6144:Kmy+bnr+3p0yN90QE4MO/uVMLigb6uAavzUZWvGamX66T5fejqCxjB:6MrXy90if/u+WgbZZzUZWvGamXZtf+r

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks