General

  • Target

    https://external.instastalker.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

  • Sample

    240405-x8xjssce56

Malware Config

Targets

    • Target

      https://external.instastalker.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

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks