General

  • Target

    1f7655304aa726f017a0bffe86506188f80e88ced5e8505313e536258016c9aa

  • Size

    931KB

  • Sample

    240312-w35gsafh91

  • MD5

    5fed3492e636f5e25aa1d9287c25fd36

  • SHA1

    dd074d7956e5a770104f31f9a3cc4444b5b53e2f

  • SHA256

    1f7655304aa726f017a0bffe86506188f80e88ced5e8505313e536258016c9aa

  • SHA512

    e814f09523b92c9c5378f0e7983d38f83c024307df69bdb228f75eedd08c2f3d0758e0e8f0bd5bee3cc4a1c12127d87a4a340b98888eed7eb85ddc7fd4b18163

  • SSDEEP

    24576:CTbi7jJbJx7Qcj7R3zKtYtNSgCjTUvKKjHo906Ytr:3JbH0SR3zK0SgCfUmRYtr

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
