Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b3ad8a321dcea5ad59db78b145d9834d04bfbae7a012f9bbe3bfe2fedc73456b

  • Size

    826KB

  • Sample

    240315-2zttrsfa96

  • MD5

    31c834b603240c1f98618a98bc621acd

  • SHA1

    31d80e4096b74ace1b1c4f5ddb82e1a7f6569cd0

  • SHA256

    b3ad8a321dcea5ad59db78b145d9834d04bfbae7a012f9bbe3bfe2fedc73456b

  • SHA512

    228c262af1e73575dbcc22081d8d33f5ae1951e72735ba268d1aec7285b7fe9543df4692a02935ecb22d647a739a3af30792fcd3daacf8b584777cad3ddf8c67

  • SSDEEP

    24576:0+rE4ALnayErkEIKnx8L1DGuqygZEdLFn2FZTdW2io:D4F9EBI1GuiZEdpaf7io

Malware Config

Targets

    • Target

      b3ad8a321dcea5ad59db78b145d9834d04bfbae7a012f9bbe3bfe2fedc73456b

    • Size

      826KB

    • MD5

      31c834b603240c1f98618a98bc621acd

    • SHA1

      31d80e4096b74ace1b1c4f5ddb82e1a7f6569cd0

    • SHA256

      b3ad8a321dcea5ad59db78b145d9834d04bfbae7a012f9bbe3bfe2fedc73456b

    • SHA512

      228c262af1e73575dbcc22081d8d33f5ae1951e72735ba268d1aec7285b7fe9543df4692a02935ecb22d647a739a3af30792fcd3daacf8b584777cad3ddf8c67

    • SSDEEP

      24576:0+rE4ALnayErkEIKnx8L1DGuqygZEdLFn2FZTdW2io:D4F9EBI1GuiZEdpaf7io

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks