General

  • Target

    85969e612cc295_JC.exe

  • Size

    294KB

  • Sample

    230717-p8zedsca39

  • MD5

    85969e612cc2957f0ebd355b440b7985

  • SHA1

    4cb45ca620930efe1f6ff0f6c77f81b6c3cbad94

  • SHA256

    77331e04422facb7b64a64d0fe695ef86a4b41983061b6d747c4711ffc29e421

  • SHA512

    fe64965b482e8d58060d2a3442e6b2ddaf9d0dec12c60c5636ae5a5ce04da1a3a8886346f15904f7f65aaa04c43ddd73165a17efa6e95308f01bbae6762afa35

  • SSDEEP

    6144:MZQ8mak00JUWTfwZXl2eQ6kcvj9dv429k1OL/cQ8jxUQ5egNlEz:SQ8PKTwRM6kcvRTkcL/1exUQ5x

Malware Config

Targets

    • Target

      85969e612cc295_JC.exe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks