General

  • Target

    4df7e7e09adce9b3f4b523923d8e21f3

  • Size

    512KB

  • Sample

    240109-lj2lnsdddm

  • MD5

    4df7e7e09adce9b3f4b523923d8e21f3

  • SHA1

    1b86839a4bc5b385014967c395df0c306221c91b

  • SHA256

    464a5697ee6a51a31ce135f954a7d65105eeeb28a9f5f9f29f3c02a1c7c17623

  • SHA512

    25cc24ff3f0ec29f3ecab3e0ac562a363dc43ecb077eea7c59c5276e867881253ba79da36b6f653753ef9b3ed5cd6777c83a1d4ae21b2c1ee1ffedb7a9dd3cae

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6Q:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5p

Targets

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory
