General

  • Target

    Archive.zip

  • Size

    2KB

  • Sample

    240126-r6ggxahdgr

  • MD5

    8da5a6c5098c1d36dcd046a12b3adcb1

  • SHA1

    58fce8440a62238bde216e79e17461721a8da5b4

  • SHA256

    5c0ea6873ce7e54899a1f10e66e96964f0232e7cae1c6b750875f8576988f7ed

  • SHA512

    a7beddec5e4ec4f412c97f951114b0344f8e9ea5d4a70156be9b55d84c7df810ec981c367db776231db53350eeb3f1e399e5c310ec2f44059c0bf607e125e546

Targets

    • Target

      Archive.zip

    • Size

      2KB

    • MD5

      8da5a6c5098c1d36dcd046a12b3adcb1

    • SHA1

      58fce8440a62238bde216e79e17461721a8da5b4

    • SHA256

      5c0ea6873ce7e54899a1f10e66e96964f0232e7cae1c6b750875f8576988f7ed

    • SHA512

      a7beddec5e4ec4f412c97f951114b0344f8e9ea5d4a70156be9b55d84c7df810ec981c367db776231db53350eeb3f1e399e5c310ec2f44059c0bf607e125e546

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the payload only runs (or refuses to run) in particular countries.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Target

      Pic1 (1).8xi

    • Size

      832B

    • MD5

      e4fdb42a6bbfcd318b35de3409f045a9

    • SHA1

      ebdf2f93ebcd7ceb571be58795c2da461ce8e464

    • SHA256

      a4c644438d0c476633c14f1ad3c6fcc4cc541a1aa6c018b58de7e6c1052770ba

    • SHA512

      476879bd221c8f67aff10e05207831837c68509436770b101ea761250e0502761da312d9db993c8c9b0a55b5580f9d675c087284c7d8c79eedc56a938bd49738

    Score
    3/10
    • Target

      Pic2.8xi

    • Size

      832B

    • MD5

      2bb2f0f38df5cf0a278e55125ab040a7

    • SHA1

      c3ff2c2ce7df76108556027d13efcc161a431fdb

    • SHA256

      096b64d1e7871caa62d977bdd799ba86f6a29c02bcc2aba9a8790edc6d05478d

    • SHA512

      b341b9e28efd709402f39e38702404186c29c87239ebf5656e09a9a1ef0b96727d7967159927e5cd9f5cbce32e6349ee05ebff2e4bd5ecc73eef36bc9883461d

    Score
    3/10
    • Target

      Pic3.8xi

    • Size

      832B

    • MD5

      5c732e13e0a0ab7655c5c2aead44dbc5

    • SHA1

      c6b6ef3f07db7b481f2aef231e10c511ea8269ac

    • SHA256

      52e51867f61554f92b23c75410e41eba38f4d1400454f43d3ff151f840b742f6

    • SHA512

      7cd71f3478975e98fece2ddad9069fb2853d0b99a6535efff7feada990d4bfe8e656bbaf85d3b9be26566939e0b79220d0360c1d1075a93d5e8cbce7b083eb1c

    Score
    3/10
    • Target

      Pic4.8xi

    • Size

      832B

    • MD5

      d8ec4557fe9e91ff78363df1b7cd10a6

    • SHA1

      e71d4f8c5c0a2490f8154bc5abeb5a45f2bf1844

    • SHA256

      3362b26128352907e8a744f810997977fdb0c1457a9724b351ed89ee3a35c7d8

    • SHA512

      10ca5c2bb20378f9ee646f254155be3d760f20573b12e738147bd65393d53a9543649daaa1605b134c7bda6c50fd6313539b08f5edbd93831fec31d0805918e8

    Score
    3/10
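Several of the behaviour signatures above (BIOS, system-information and location checks, Uninstall-key enumeration, AV checks, Run-key, COM-server and exefile-association writes) are all registry accesses by the sample, so they can be re-derived from a registry-event trace. The following is an added example, not tria.ge's own signature logic and not code from the report: it classifies a constructed, made-up set of registry events in a simplified "EventID|Image|Access|RegistryPath" line format (loosely modelled on Sysmon RegistryEvent fields) against rules keyed on well-known registry paths. The rule patterns, the event format and the sample events are assumptions chosen for illustration; the process filter that ignores images under C:\Windows is a heuristic to suppress benign OS lookups, and would miss a sample that injected into a system process.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the report). Format: EventID|Image|Access|RegistryPath.
# The last line is a benign lookup by explorer.exe, included to show the process filter.
SAMPLE_EVENTS = r"""
12|C:\Users\u\AppData\Local\Temp\setup.exe|QueryValue|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
12|C:\Users\u\AppData\Local\Temp\setup.exe|QueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
12|C:\Users\u\AppData\Local\Temp\setup.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
12|C:\Users\u\AppData\Local\Temp\setup.exe|QueryValue|HKCU\Control Panel\International\Geo\Nation
12|C:\Users\u\AppData\Local\Temp\setup.exe|EnumerateKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
12|C:\Users\u\AppData\Local\Temp\setup.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware
13|C:\Users\u\AppData\Local\Temp\setup.exe|SetValue|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater
13|C:\Users\u\AppData\Local\Temp\setup.exe|SetValue|HKCU\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\(Default)
13|C:\Users\u\AppData\Local\Temp\setup.exe|SetValue|HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)
12|C:\Windows\explorer.exe|QueryValue|HKCU\Control Panel\International\Geo\Nation
"""

READ = frozenset({"QueryValue", "EnumerateKey"})
WRITE = frozenset({"SetValue", "CreateKey"})

# (signature name as shown in the report, access types that count, path pattern).
# Paths are real well-known keys; which keys a rule covers is an illustrative choice.
RULES = [
    ("Checks BIOS information in registry", READ,
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)", re.I)),
    ("Checks system information in the registry", READ,
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\(ProductName|InstallDate|BuildLab)", re.I)),
    ("Checks computer location settings", READ,
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", READ,
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)),
    ("Checks for any installed AV software in registry", READ,
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\", re.I)),
    ("Adds Run key to start application", WRITE,
     re.compile(r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Registers COM server for autorun", WRITE,
     re.compile(r"\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)", re.I)),
    ("Modifies system executable filetype association", WRITE,
     re.compile(r"\\Classes\\exefile\\shell\\open\\command", re.I)),
]


def parse_events(text):
    """Parse the pipe-separated event lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event_id, image, access, path = line.split("|", 3)
        events.append({"id": int(event_id), "image": image, "access": access, "path": path})
    return events


def match_signatures(events, ignore_system_images=True):
    """Return {signature name: [(image, path), ...]} for every rule that fired.

    With ignore_system_images=True, events from images under C:\\Windows are dropped
    so routine OS lookups (e.g. explorer.exe reading the locale) do not trigger rules.
    """
    hits = defaultdict(list)
    for ev in events:
        if ignore_system_images and ev["image"].lower().startswith("c:\\windows\\"):
            continue
        for name, accesses, pattern in RULES:
            if ev["access"] in accesses and pattern.search(ev["path"]):
                hits[name].append((ev["image"], ev["path"]))
    return dict(hits)


if __name__ == "__main__":
    for name, matches in sorted(match_signatures(parse_events(SAMPLE_EVENTS)).items()):
        print(f"{name}: {len(matches)} event(s)")
        for image, path in matches:
            print(f"    {image} -> {path}")
```

Note that the read-side rules only tell you the sample looked at these keys; the sandbox-evasion or geofence interpretation in the report is an inference about intent, and legitimate installers read the same Uninstall and locale keys. The write-side rules (Run key, CLSID server path, exefile association) are the stronger indicators because they change what executes later.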
