General

  • Target

    076a4d1219f4591f24c63aa00c09c5f4

  • Size

    125KB

  • Sample

    231229-3sayraabhl

  • MD5

    076a4d1219f4591f24c63aa00c09c5f4

  • SHA1

    0c174d42d6c59474681c6770b2de6e62aea0ef94

  • SHA256

    33479ea5aa569dad18e4e048d08a0c8eb02f3d9e38d24313817180150502d603

  • SHA512

    ad926de06c5dcf80bc88f07a0b066a53877241e4431fd530372874c94ed041b68ee3bf6d744cde53889d8c39f7ee7ad4f10908766354c7358d7994903854df8d

  • SSDEEP

    3072:i9hYp3oqHVK/1OK5gakx1c2T2Of93F2Vkmm:wKp3xH0g0C1N2OfyVkV

Malware Config

Targets

    • Target

      076a4d1219f4591f24c63aa00c09c5f4

    • Modifies firewall policy service

      Writes to the Windows Firewall (SharedAccess) service configuration, typically to disable or relax host filtering.

    • Adds policy Run key to start application

      Creates a value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a Group Policy autostart location that runs at logon and is inspected less often than the standard Run key.

    • Sets service image path in registry

      Writes the ImagePath value of a service under HKLM\SYSTEM\CurrentControlSet\Services, so the binary is launched as a service (persistence, usually with SYSTEM privileges).

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

      Creates a value under Software\Microsoft\Windows\CurrentVersion\Run so the binary starts at logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

      Writes a file into %SystemRoot%\System32, where it blends in with operating-system binaries.
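The signatures above are sandbox observations, not host artefacts. The following script is an added example, not part of the tria.ge report, that checks a Windows host for the persistent traces those behaviours leave: Run and policy Run values, service ImagePath entries, firewall policy state and recent writes to System32, and optionally ties a file on disk back to this report by SHA256. It is read-only, assumes an elevated PowerShell 4 or later (Get-FileHash, Get-ChildItem -File), and the -SuspectImage parameter and the 24-hour System32 window are assumptions of the example. Browser-data reads and drive enumeration are transient and leave no registry trace, so they are not covered here.

```powershell
# Added host-triage example (not part of the tria.ge report). Read-only checks for the
# persistence and policy artefacts the report's signatures describe. Run from an
# elevated PowerShell 4+. -SuspectImage is an assumed, optional parameter naming a
# file under investigation.
param(
    [string]$SuspectImage = ''
)

$ReportSha256 = '33479ea5aa569dad18e4e048d08a0c8eb02f3d9e38d24313817180150502d603'  # SHA256 from the report
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Category, [string]$Location, [string]$Name, [string]$Value) {
    $findings.Add([pscustomobject]@{
        Category = $Category; Location = $Location; Name = $Name; Value = $Value })
}

# 1. Autostart values ("Adds Run key" / "Adds policy Run key"): HKLM plus every loaded user hive.
$runPaths = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$hives = @('HKLM:') + @(Get-ChildItem 'Registry::HKEY_USERS' |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" })
foreach ($hive in $hives) {
    foreach ($rel in $runPaths) {
        $key = "$hive\$rel"
        if (-not (Test-Path $key)) { continue }
        $category = if ($rel -like '*Policies*') { 'PolicyRunKey' } else { 'RunKey' }
        # Get-ItemProperty adds PS* metadata properties; skip them and keep the real values.
        $props = (Get-ItemProperty -Path $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($p in $props) { Add-Finding $category $key $p.Name ([string]$p.Value) }
    }
}

# 2. Service binaries ("Sets service image path in registry"): flag ImagePath values that
#    resolve outside %SystemRoot% and Program Files, or that name the suspect image.
function Test-ImagePathSuspicious([string]$Expanded) {
    $p = $Expanded.Trim('"')
    $roots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $trusted = @('\SystemRoot\*', 'System32\*', 'SysWOW64\*') +
               @($roots | ForEach-Object { "$_\*"; "\??\$_\*" })   # "\??\" prefix is common for drivers
    foreach ($t in $trusted) { if ($p -like $t) { return $false } }
    return $true
}
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $image = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $image) { continue }
    $expanded = [Environment]::ExpandEnvironmentVariables($image)
    $hit = Test-ImagePathSuspicious $expanded
    if ($SuspectImage -and ($expanded -like "*$SuspectImage*")) { $hit = $true }
    if ($hit) { Add-Finding 'ServiceImagePath' $svc.PSPath $svc.PSChildName $expanded }
}

# 3. Firewall ("Modifies firewall policy service"): per-profile EnableFirewall under the
#    policy key, and the firewall service start type (4 = disabled).
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $prof = Get-ItemProperty -Path "$fwKey\$fwProfile" -ErrorAction SilentlyContinue
    if ($prof -and $prof.EnableFirewall -eq 0) {
        Add-Finding 'FirewallPolicy' "$fwKey\$fwProfile" 'EnableFirewall' '0'
    }
}
$mps = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc' -Name Start -ErrorAction SilentlyContinue
if ($mps -and $mps.Start -eq 4) {
    Add-Finding 'FirewallPolicy' 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc' 'Start' 'Disabled (4)'
}

# 4. Recent System32 writes ("Drops file in System32 directory"). Noisy right after Windows
#    Update, so compare against the patch timeline. The 24-hour window is an assumed default.
$since = (Get-Date).AddHours(-24)
Get-ChildItem "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since } |
    ForEach-Object { Add-Finding 'System32Drop' $_.FullName $_.Name $_.LastWriteTime.ToString('s') }

# 5. Tie a file on the host back to this report by SHA256 (-eq is case-insensitive).
if ($SuspectImage -and (Test-Path -LiteralPath $SuspectImage)) {
    $sha = (Get-FileHash -LiteralPath $SuspectImage -Algorithm SHA256).Hash
    $verdict = if ($sha -eq $ReportSha256) { 'matches report SHA256' } else { "differs from report: $sha" }
    Add-Finding 'SampleHash' $SuspectImage 'SHA256' $verdict
}

$findings | Sort-Object Category, Location | Format-Table -AutoSize -Wrap
```

Run it as a script file (for example .\Triage-Persistence.ps1 -SuspectImage C:\Users\victim\Downloads\dropper.exe) rather than pasting into a console, so the param block applies. Every RunKey, PolicyRunKey and ServiceImagePath finding still needs manual review; the script lists candidates and flags the obvious ones, it does not decide.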

MITRE ATT&CK Enterprise v15

Tasks