General

  • Target

    1694c0fe69e7b2a5e1fb8f76de91fa47.exe

  • Size

    512KB

  • Sample

    240103-sbkrhsfcdl

  • MD5

    1694c0fe69e7b2a5e1fb8f76de91fa47

  • SHA1

    96ef777ac2d8b9d5a2e7abca0954efc4a29bfa32

  • SHA256

    8211aac46563d0fe4e35480ba6879a4d54311e918bf022d8df6a360cc0c87c20

  • SHA512

    197ba89c8fb623d522f726fbaaa91fc9ba5976ae862aa6bae0bbb2467034807dc12ea83799cb33812b0d6ecc157a83155a30ea457c2ceb9a05ac6e8e2f6ac1ff

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6S:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5v

Targets

    • Target

      1694c0fe69e7b2a5e1fb8f76de91fa47.exe

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory
