General

  • Target

    877fe09e6d8d6366ced5b491ad180125

  • Size

    365KB

  • Sample

    240201-wbnd7adddj

  • MD5

    877fe09e6d8d6366ced5b491ad180125

  • SHA1

    b377f980ac2b10a11c46d0017cc29b9ebc313ca9

  • SHA256

    fedefb45f91e645780673132bbe189443512a36bbf4f2c042e41254c74e6320c

  • SHA512

    f82e79d6c99c66a7a2fd643d4b5082046397ca8dbba79c328f23124a6d84222e8e1d899933398ab63bad8d3f1277d7a1195a62cc444b40428d607700378f2912

  • SSDEEP

    6144:hGyG9i2wAWfMrpUHOZEIiS5cBppSj+3sTjA35E8CQuwbQ/59osKzpudHUmDlsGtx:h3Ui7M+HOCdIcFSj+8TjA35EIuX/ksKY

Targets

    • Target

      877fe09e6d8d6366ced5b491ad180125

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified build of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled
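Two of the behaviours above, "Adds Run key to start application" and "Registers COM server for autorun", leave registry writes that an endpoint sensor records. The Python below is an added example, not the report's or tria.ge's own detection: it runs two rules over constructed registry "value set" events laid out like Sysmon Event ID 13 (Image, TargetObject, Details) and only escalates when the registered binary sits in a user-writable location, which is where a dropped payload would be. The events, paths, GUID and usernames are all made up for the example.

```python
"""Detection logic for Run-key and COM-server persistence over registry
value-set events. Added example; EVENTS below are constructed and mimic the
field names of Sysmon Event ID 13, they are not from the sandbox run."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    rule: str      # ATT&CK: T1547.001 (Run keys), T1546.015 (COM hijacking)
    image: str     # process that wrote the value
    key: str       # registry value written
    value: str     # data written (normally a path to the autorun binary)


# Constructed events. Two come from a dropped executable in %TEMP%, one is
# benign shell state, one is a vendor installer writing a machine Run key.
EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\mallory\AppData\Local\Temp\xyz.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\mallory\AppData\Local\Temp\xyz.exe"},
    {"EventID": 13, "Image": r"C:\Users\mallory\AppData\Local\Temp\xyz.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Classes\CLSID\{01234567-89AB-CDEF-0123-456789ABCDEF}\InprocServer32\(Default)",
     "Details": r"C:\Users\mallory\AppData\Roaming\svc.dll"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
]

RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
# Per-user COM registration under HKCU\Software\Classes shadows HKLM for the
# same CLSID, so a user-writable InprocServer32/LocalServer32 is the tell.
COM_SERVER = re.compile(
    r"\\Software\\Classes\\CLSID\\\{[0-9A-F-]{36}\}\\(InprocServer32|LocalServer32)", re.I)
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding for a suspicious persistence write, else None."""
    if event.get("EventID") != 13:
        return None
    key, data, image = event["TargetObject"], event["Details"], event["Image"]
    if RUN_KEY.search(key):
        rule = "run_key_persistence"
    elif COM_SERVER.search(key):
        rule = "com_server_registration"
    else:
        return None
    # Installers legitimately write both kinds of key; escalate only when the
    # registered binary lives where an unprivileged dropper can write.
    if not USER_WRITABLE.search(data):
        return None
    return Finding(rule, image, key, data)


def run_detection(events) -> List[Finding]:
    return [f for f in (classify(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in run_detection(EVENTS):
        print(f"{f.rule}: {f.image} -> {f.key} = {f.value}")
```

The registry reads the report also lists (country code, Uninstall entries, UAC state) are not covered by this rule set: value-set telemetry records writes, not reads, so those behaviours are only visible in a sandbox trace or with API-level monitoring.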
