General

  • Target

    6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5

  • Size

    1.6MB

  • Sample

    240406-1p9a2acf93

  • MD5

    7a1f56f37102bc82c42c6825167e915a

  • SHA1

    dd5202beee3de0fb83b051c779bfafe268f295a0

  • SHA256

    6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5

  • SHA512

    8b1bffe2be9e5c44f495ec6b5928104e60c107521fb2f09592713d140be66a878bace50a16762004daccec42bd3316385e9bbde342a082b976f5600b90bebecf

  • SSDEEP

    49152:pAslvtvZz94wR/qqG4JEUhkjt3tls1AQuYSOKcWOQ:RvZzWw5hajt3tlwLKcNQ

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry; most likely a geofence check that decides whether the payload runs in a given region.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
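A static first-pass check for the "UPX packed file" signature above, added here as an example and not code from this report or from tria.ge. It walks the PE section table and flags the stock UPX0/UPX1 section names, plus the weaker layout hint that a modified UPX build usually keeps even after renaming sections: a first section with a non-zero VirtualSize and a SizeOfRawData of 0, which the stub unpacks into at run time. The three PE images are constructed inline (headers and section table only, no code) so the parser can be exercised offline; the 1.6MB sample itself is not reproduced here.

```python
import struct


def build_pe(sections):
    """Construct a minimal PE image (DOS stub, COFF header, section table only) for offline testing.
    sections = [(name_bytes, VirtualSize, SizeOfRawData)]. Constructed for this example."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)          # e_lfanew: PE signature lives at offset 64
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader (0: this toy image carries no optional header), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b""
    for name, vsize, rsize in sections:
        hdr = bytearray(40)                      # IMAGE_SECTION_HEADER is 40 bytes
        hdr[0:8] = name.ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData at offsets 8, 12, 16 of the header
        struct.pack_into("<III", hdr, 8, vsize, 0, rsize)
        table += bytes(hdr)
    return bytes(dos) + b"PE\0\0" + coff + table


def section_table(data):
    """Return [(name, VirtualSize, SizeOfRawData)] for every section, or raise ValueError."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]    # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]    # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size             # section headers follow the optional header
    out = []
    for i in range(nsections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name = data[off:off + 8].split(b"\0", 1)[0].decode("ascii", "replace")
        vsize, _, rsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rsize))
    return out


def upx_indicators(data):
    """Strong indicator: UPX-named sections. Weak indicator: virtual-only first section."""
    secs = section_table(data)
    names = [n for n, _, _ in secs if n.upper().startswith("UPX")]
    virtual_only_first = bool(secs) and secs[0][2] == 0 and secs[0][1] > 0
    return {"upx_section_names": names, "first_section_virtual_only": virtual_only_first}


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or ind["first_section_virtual_only"]


# Constructed test images: stock UPX layout, a renamed (modified UPX) layout, and an unpacked binary.
PACKED = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8E00), (b".rsrc", 0x1000, 0x600)])
RENAMED = build_pe([(b".text", 0x20000, 0), (b".data", 0x9000, 0x8E00)])
CLEAN = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, looks_upx_packed(img), upx_indicators(img))
```

To run it against the real sample, pass `open(path, "rb").read()` to `looks_upx_packed`. A hit on section names alone is not proof of stock UPX, and a miss does not clear the file: the signature text explicitly covers modified UPX builds, which routinely rename sections and patch the stub so `upx -d` fails. The sandbox's "UPX dump on OEP" output is the authoritative unpacked image to analyse further.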
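The behavioural signatures in the list above (location check, browser profile read, Run key, drive enumeration, System32 drop) turned into a small matcher, added here as an example and not tria.ge's own rules. It runs over constructed sandbox-style events in a hypothetical `(operation, path)` form; the registry keys and browser profile directories are the standard Windows locations, while the event format and the sample events are assumptions made for this example.

```python
import re

# Hypothetical event format constructed for this example: (operation, path).
# Operations used: regquery, regset, fileread, filecreate, dirquery.
SAMPLE_EVENTS = [
    ("regquery", r"HKCU\Control Panel\International\Geo\Nation"),       # GeoID lookup (geofence)
    ("regset", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("fileread", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("dirquery", "C:\\"),
    ("dirquery", "D:\\"),
    ("dirquery", "E:\\"),
    ("filecreate", r"C:\Windows\System32\drivers\etc\hosts"),
    ("filecreate", r"C:\Users\user\AppData\Local\Temp\tmp1.dat"),       # benign-looking noise
]

# Signature name -> (operations it applies to, path pattern). Names mirror the report's list.
SIGNATURES = {
    "Checks computer location settings": (
        {"regquery"}, re.compile(r"\\Control Panel\\International\\", re.I)),
    "Reads user/profile data of web browsers": (
        {"fileread"}, re.compile(
            r"\\AppData\\(Local|Roaming)\\(Google\\Chrome|Mozilla\\Firefox|Microsoft\\Edge)\\", re.I)),
    "Adds Run key to start application": (
        {"regset"}, re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    # Root paths of any drive other than C:, matching the report's description.
    "Enumerates connected drives": (
        {"dirquery"}, re.compile(r"^(?!c:)[a-z]:\\$", re.I)),
    "Drops file in System32 directory": (
        {"filecreate"}, re.compile(r"^c:\\windows\\system32\\", re.I)),
}


def match_signatures(events):
    """Return {signature name: [paths that triggered it]} for the events that fired."""
    hits = {}
    for op, path in events:
        for name, (ops, pattern) in SIGNATURES.items():
            if op in ops and pattern.search(path):
                hits.setdefault(name, []).append(path)
    return hits


def summarize(events):
    """Count of fired signatures; useful as a crude score when triaging many reports."""
    return len(match_signatures(events))


if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for p in paths:
            print("   ", p)
```

Treat each match as a weak indicator on its own: a Run key and a file under System32 are also what a legitimate installer leaves behind, so it is the combination with the browser profile read and the GeoID lookup that makes this report look like a geofenced infostealer rather than any single signature.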

MITRE ATT&CK Enterprise v15

Tasks