General

  • Target

    01227799.exe

  • Size

    366KB

  • Sample

    230609-hls6jabb68

  • MD5

    ee33c75ed9799db8d45078a01de53447

  • SHA1

    434215fb9b1034f8d4e19a54e4d83979249a1294

  • SHA256

    170680a09289ac6969171ff4173cd7a17106b8a5a3443ca4c987cb32bdc39808

  • SHA512

    1bba20041ca43a75add349bc0e28b61d683d40553ed4e6d07829ee89c011fb8331fcafb27ae0583ed57368c40272d78de11965e8be63d74248f54bed3b5299bc

  • SSDEEP

    6144:sLh5iWs5gArF3LDd84ESQoCGhWg2ZQkyDfTbjfyLX1WYaaGM6Btc2:sN5iWs5gZ4E6CyWgcQBzvja4YaaUtc2

Targets

    • Target

      01227799.exe

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
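The signatures above are behavioural rules the sandbox fires on events it records during the run. As an added example (not tria.ge's own detection code), the Python below re-derives four of them from a constructed stream of sandbox events, and adds a string-marker check of the kind used to spot Mimikatz-derived code. The event layout, the file paths, the process IDs and the `demo_events` stream are all invented for illustration; the browser artefact paths and the Mimikatz command strings are the real ones such rules look for, but the lists are deliberately short.

```python
"""Re-deriving this report's behavioural signatures from raw sandbox events.

Added example, not tria.ge code.  Event format, paths and PIDs are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable

MBR_SIZE = 512  # the MBR is the first sector of a physical drive


@dataclass(frozen=True)
class Event:
    """One sandbox event in a constructed, simplified format."""
    kind: str        # "create_file" | "exec" | "load_image" | "read_file" | "write_raw"
    pid: int
    path: str
    offset: int = 0  # byte offset into the device, only meaningful for write_raw
    length: int = 0  # byte count, only meaningful for write_raw


# Chromium profile databases and Firefox profile files holding saved logins,
# cookies and history.  Short constructed list, not exhaustive.
BROWSER_DATA_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data|History)$"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Raw access to a whole disk rather than to a volume or file.
RAW_DISK_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)

# Command strings present in mimikatz and in tooling derived from it.  A string
# hit is a lead, not proof; read it together with the behavioural events.
MIMIKATZ_MARKERS = (
    b"sekurlsa::logonpasswords",
    b"privilege::debug",
    b"lsadump::sam",
    b"gentilkiwi",
)


def has_mimikatz_strings(blob: bytes) -> bool:
    """True if any marker appears as ASCII or as UTF-16LE (how Windows
    binaries usually store their wide strings)."""
    lowered = blob.lower()
    for marker in MIMIKATZ_MARKERS:
        if marker in lowered or marker.decode().encode("utf-16-le") in lowered:
            return True
    return False


def classify(events: Iterable[Event]) -> set[str]:
    """Return the set of signature names the event stream triggers.

    Events are processed in order: a file only counts as "dropped" once a
    create_file for it has been seen, so executing a pre-existing binary
    does not fire the dropped-EXE rule.
    """
    dropped: set[str] = set()
    hits: set[str] = set()
    for e in events:
        p = e.path.lower()
        if e.kind == "create_file":
            dropped.add(p)
        elif e.kind == "exec" and p in dropped and p.endswith(".exe"):
            hits.add("Executes dropped EXE")
        elif e.kind == "load_image" and p in dropped and p.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif e.kind == "read_file" and BROWSER_DATA_RE.search(e.path):
            hits.add("Reads user/profile data of web browsers")
        elif (e.kind == "write_raw" and RAW_DISK_RE.match(e.path)
              and e.length > 0 and e.offset < MBR_SIZE):
            # Only writes overlapping the first sector touch the MBR; a raw
            # write further into the disk is suspicious but is not this rule.
            hits.add("Writes to the Master Boot Record (MBR)")
    return hits


def demo_events() -> list[Event]:
    """Constructed event stream of the shape this report's signatures fire on."""
    tmp = "C:\\Users\\victim\\AppData\\Local\\Temp\\"
    return [
        Event("create_file", 1000, tmp + "stage2.exe"),
        Event("create_file", 1000, tmp + "helper.dll"),
        Event("exec", 1000, tmp + "stage2.exe"),
        Event("load_image", 1001, tmp + "helper.dll"),
        Event("read_file", 1001,
              "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
        Event("read_file", 1001,
              "C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json"),
        Event("write_raw", 1001, "\\\\.\\PhysicalDrive0", offset=0, length=MBR_SIZE),
    ]


if __name__ == "__main__":
    for name in sorted(classify(demo_events())):
        print(name)
```

The ordering rule in `classify` is the part worth keeping when adapting this to real telemetry: "executes dropped EXE" is only meaningful if the create precedes the exec in the same run, and the MBR rule keys on the write offset, not merely on the handle to the physical drive.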
