General

  • Target

    5263ee44519d3d416ec840fd28e3757c

  • Size

    512KB

  • Sample

    240111-dt92ssdfak

  • MD5

    5263ee44519d3d416ec840fd28e3757c

  • SHA1

    b9f96e553e4e668d14d01d60ff67e4f647545906

  • SHA256

    84d7ddcbfd77db7442c481199561925908aca7c30f36a28a39ceeafa0e9210ff

  • SHA512

    8929f25b5a14b77f367fd52fcdce3ff915fa55b16777c2439c2452fd8d79fe33ef5a5183ca03954b7bc8d556298ecafb2634f546fcb2e4c19a1f50ac9413154b

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6W:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5r

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks