General

  • Target

    64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7

  • Size

    380KB

  • Sample

    240406-1mh13acf29

  • MD5

    27bd6a24c370d62ee3b2d9a1f94df5b9

  • SHA1

    8b3221d6ab0bc6633c00282746dd23c8bd393b39

  • SHA256

    64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7

  • SHA512

    7e9dd4a88a4107ed66a51232ec5da5995d69f429778ac2bdd31ee250319154dbb226e3b86cd7f3b43265a5dd83ef88b416a17f1768150ca31f5217e3f79eee18

  • SSDEEP

    6144:JXC4vgmhbIxs3NBBxrChiMgj+brinpMzXYYNElM7OlAL4/GQAZEarkPqBmwAKxMw:JXCNi9BPz1einqXYYNvDL4h3ahBmwAJw

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks