General

  • Target

    388d1d5626a4192a172f9aa3351a679a

  • Size

    25KB

  • Sample

    231231-q2tq1afagl

  • MD5

    388d1d5626a4192a172f9aa3351a679a

  • SHA1

    4da2552f1e70e9882abda90409943c37c2830030

  • SHA256

    6d163443389051e1a8c4fe585e0b97d7a16fb6855f0b13a719e401d042819354

  • SHA512

    cfe2c7d11258fd6cb69bd37e789950e85b49c9c8a810864f8cb3e880aa252f70162757f45de423d63fa44bc807830f1349e9927c29127837ba5958f7097271a1

  • SSDEEP

    768:mSSdAWyLwqHq43GfWaTc/5pwSPt8uLFtR:mh7qK43VH4SPLr

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
