
General

  • Target

    Activation.cmd

  • Size

    22KB

  • Sample

    240309-1allesah79

  • MD5

    0956bff498b95698c5c5832929450c52

  • SHA1

    011d7ed5662e9f83b7634e37c343760a8e681946

  • SHA256

    39d8e8864bffd66e9dfb9dbde800bab761bba47c7c7007d50a7b37d80d5cd58d

  • SHA512

    e34555cb3de22d05a5d8e7dfcbc7e1eda2e6e2a0e5ec4ad22911d2557f68ae29f31cde834d09deb41c756c1de7103d638bdb194b2e23891d2a77d6f3fa66fb0f

  • SSDEEP

    384:E3739dR2Mv3+CpahCTu7bPUH3gPZ5SAJs:ELrR2Mv3+CpahC6nMH3gP63

Malware Config

Targets

    • Target

      Activation.cmd

    • Size

      22KB

    • MD5

      0956bff498b95698c5c5832929450c52

    • SHA1

      011d7ed5662e9f83b7634e37c343760a8e681946

    • SHA256

      39d8e8864bffd66e9dfb9dbde800bab761bba47c7c7007d50a7b37d80d5cd58d

    • SHA512

      e34555cb3de22d05a5d8e7dfcbc7e1eda2e6e2a0e5ec4ad22911d2557f68ae29f31cde834d09deb41c756c1de7103d638bdb194b2e23891d2a77d6f3fa66fb0f

    • SSDEEP

      384:E3739dR2Mv3+CpahCTu7bPUH3gPZ5SAJs:ELrR2Mv3+CpahC6nMH3gP63

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens, and autofill data.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer; they are registered by CLSID under the Explorer\Browser Helper Objects key and load into every IE process, which makes them a persistence and browser-interception mechanism.

    • Drops file in System32 directory
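
As a host-side counterpart to the sandbox signatures above, the following is an added PowerShell triage script. It is not part of the tria.ge report and is not the sample's own code; it enumerates, on a machine suspected of having run the sample, the artifacts those signatures describe: Run/RunOnce entries, registered Browser Helper Objects resolved to the DLL they load, the UAC EnableLUA setting, the configured GeoID, and PE files written recently to System32 and the drivers directory that lack a valid Authenticode signature (hashed so they can be compared against the SHA256 values in this report). The registry locations are the documented Windows ones; the -Days window and the output layout are assumptions of this example. Run it in an elevated PowerShell session on the host under investigation.

```powershell
#Requires -Version 5.1
# Added host-triage example; not part of the tria.ge report and not the sample's
# own code. Registry locations are the documented Windows ones; the -Days window
# and the output layout are assumptions of this example.
[CmdletBinding()]
param([int]$Days = 7)

$ErrorActionPreference = 'SilentlyContinue'

# "Adds Run key to start application": list every value under Run/RunOnce in
# both hives. Get-ItemProperty adds PS* metadata properties, which are skipped.
function Get-RunEntries {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        $p = Get-ItemProperty -Path $k
        if (-not $p) { continue }
        foreach ($name in $p.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $k; Name = $name; Command = $p.$name }
        }
    }
}

# "Installs/modifies Browser Helper Object" / "Registers COM server for autorun":
# each BHO subkey is a CLSID; the DLL it loads is the default value of that
# CLSID's InProcServer32 key (32-bit BHOs on 64-bit Windows live under WOW6432Node).
function Get-BhoEntries {
    $bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID',
                  'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
                  'HKCU:\SOFTWARE\Classes\CLSID'
    foreach ($k in $bhoKeys) {
        foreach ($sub in (Get-ChildItem -Path $k)) {
            $clsid = $sub.PSChildName
            $dll = $null
            foreach ($root in $clsidRoots) {
                $dll = (Get-ItemProperty -Path "$root\$clsid\InProcServer32").'(default)'
                if ($dll) { break }
            }
            $path = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) } else { $null }
            $sig  = if ($path -and (Test-Path $path)) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'NotFound' }
            [pscustomobject]@{ Key = $k; CLSID = $clsid; Dll = $path; Signature = $sig }
        }
    }
}

# "Checks whether UAC is enabled": EnableLUA = 0 disables UAC outright;
# ConsentPromptBehaviorAdmin = 0 elevates administrators without any prompt.
function Get-UacState {
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
    }
}

# "Checks computer location settings": the GeoID (Nation) and, on Windows 10 and
# later, the ISO country name that a geofence check would read.
function Get-GeoSetting {
    $g = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo'
    [pscustomobject]@{ Nation = $g.Nation; Name = $g.Name }
}

# "Drops file in System32 directory" / "Drops file in Drivers directory" /
# "Executes dropped EXE" / "Loads dropped DLL": PE files written recently to those
# directories whose Authenticode signature is not valid. Windows servicing also
# writes there, so treat hits as leads to hash and look up, not as verdicts.
function Get-RecentUnsignedPe {
    param([int]$Days)
    $since = (Get-Date).AddDays(-$Days)
    foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers") {
        Get-ChildItem -Path $dir -File |
            Where-Object { ($_.Extension -in @('.exe', '.dll', '.sys')) -and ($_.LastWriteTime -gt $since) } |
            ForEach-Object {
                $status = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                if ($status -ne 'Valid') {
                    [pscustomobject]@{
                        Path      = $_.FullName
                        Written   = $_.LastWriteTime
                        Signature = $status
                        SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
    }
}

'== Run / RunOnce entries =='
Get-RunEntries | Format-Table -AutoSize
'== Browser Helper Objects =='
Get-BhoEntries | Format-Table -AutoSize
'== UAC =='
Get-UacState
'== Location settings =='
Get-GeoSetting
"== PE files in System32/drivers written in the last $Days days without a valid signature =="
Get-RecentUnsignedPe -Days $Days | Format-Table -AutoSize
```

The unsigned-PE check is deliberately a lead generator rather than a verdict: compare each reported SHA256 against the hashes in this report and against a known-good baseline before concluding that a file was dropped by the sample. The Uninstall-key enumeration and browser-profile reads flagged above leave little on disk to find and are better sought in EDR or Sysmon registry and file-access telemetry.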

MITRE ATT&CK Enterprise v15

Tasks