General

  • Target: 704b4f4e101ed35a3735ab0b586859ad.bin
  • Size: 7.2MB
  • Sample: 231030-b6x7naca44
  • MD5: 581afeb5e553c41f16876d92d75810c3
  • SHA1: 728f61dcf587523a9d0b8704e1e507a40275bfa0
  • SHA256: 758f07d5016b911094bd1eb55faf857ced243d65a1abfd61f8bce1d68857c707
  • SHA512: 9a651dfdfb94f9102b3858103fe10d2502e9d839ccbc156097510d99e54fb746285b41db7202804c2545c01fb548f114fdbed2c9cf433b30fef042ef8dd89e93
  • SSDEEP: 196608:SHeopky0YbP3b9YJueqxfI4NlAXGRMXsbPFL:S+oO7yfBlfdNlCGSXsbFL

Targets

    • Target: 992cc3e016d77ca48aa3c41231c003f1e1aae10ebd770fd519f6af1133c2674b.exe
    • Size: 7.3MB
    • MD5: 704b4f4e101ed35a3735ab0b586859ad
    • SHA1: db554d46b64cfa45e057d9bb355b2ed610c79001
    • SHA256: 992cc3e016d77ca48aa3c41231c003f1e1aae10ebd770fd519f6af1133c2674b
    • SHA512: 7b8e7291ccb8e2eb7d88d09c906a032956a5ba93a5cc6da744c3425f2534a09d2dd3b69818e58eefc4e2f06768034286e8051d5ccd71fcc6842bb8a45dcb597a
    • SSDEEP: 196608:91Oe+bSAdYjIvc4Ch8eyBoSSAVxiNhdQdmv:3OUAS05BnSUIN8dM

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory
