
General

  • Target

    6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80

  • Size

    438KB

  • Sample

    240406-1qj3jaca5v

  • MD5

    5e664ea4e56e9031089ff8df51aa4863

  • SHA1

    a52f046e3dea3f90348099d2b34048b23d28530f

  • SHA256

    6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80

  • SHA512

    6e1d753bf52f176c849db955356884b073f6a5a4f841b586f2b26a3d66d71818181011e45091489bdb0b4a5f184f010b528f0c5ef83a625dfe1b6038001887a0

  • SSDEEP

    12288:A8EQoSMJhRrJxBaAQ6PpcgROeij3lRI0SJr:A8QJvjQ6hcgRu3G

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

      The binary contains strings matching account names commonly used on analysis VMs; malware compares such names against the current user to detect that it is running in a sandbox.

    • UPX dump on OEP (original entry point)

      The unpacked image was dumped from memory when execution reached the original entry point, so the decompressed code can be inspected statically.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to skip execution in certain regions.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

      Writes a value under a Run registry key so the program is launched again at logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, a location often chosen so that dropped components look legitimate.
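The static signatures above (file hashes, UPX packing, embedded sandbox usernames) can be reproduced offline with a small PE section-table walk. The following is an added example, not code from tria.ge or from the sample's analysis; the sandbox-username list, the test PE built by build_test_pe and the function names are assumptions made here for illustration, and only the SHA256 is taken from the report.

```python
"""Static triage helpers for a PE sample: file hashes, UPX section names and
embedded sandbox-VM usernames.  Added example, not tria.ge code; the username
list and the test PE are constructed here for illustration."""
import hashlib
import struct

# SHA256 of the sample as listed in the report.
REPORT_SHA256 = "6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80"

# Section names written by stock UPX; modified UPX builds often rename these,
# so a miss here does not prove the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

# Constructed, illustrative list of account names seen on analysis VMs;
# Triage's own signature uses its own list, which is not on this page.
SANDBOX_USERNAMES = [b"sandbox", b"malware", b"virus", b"john doe",
                     b"currentuser", b"test user"]


def file_hashes(data: bytes) -> dict:
    """Return the same digest set the report shows (md5/sha1/sha256/sha512)."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Walk the PE/COFF section table and return the 8-byte section names.

    Returns [] for anything that is not a well-formed PE, so callers can treat
    'no sections' and 'not a PE' the same way in a packer check."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional     # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # each section header is 40 bytes
        if off + 40 > len(data):             # truncated section table
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def embedded_sandbox_usernames(data: bytes) -> list:
    """Case-insensitive substring scan for ASCII and UTF-16LE copies of the
    names, the cheapest form of the 'sandbox username' signature."""
    lowered = data.lower()
    hits = set()
    for name in SANDBOX_USERNAMES:
        if name in lowered or name.decode().encode("utf-16-le") in lowered:
            hits.add(name.decode())
    return sorted(hits)


def triage(data: bytes) -> dict:
    """Bundle the checks into one record; matches_report is True only for the
    actual sample described in the report."""
    digests = file_hashes(data)
    return {
        "sha256": digests["sha256"],
        "matches_report": digests["sha256"] == REPORT_SHA256,
        "sections": [n.decode("latin-1") for n in pe_section_names(data)],
        "upx_packed": is_upx_packed(data),
        "sandbox_usernames": embedded_sandbox_usernames(data),
    }


def build_test_pe(section_names, payload: bytes = b"") -> bytes:
    """Construct a minimal, non-executable PE-shaped blob (DOS header, PE
    signature, COFF header, section table) so the parser can be exercised
    offline without a real sample."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    section_table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff_header + section_table + payload


if __name__ == "__main__":
    import sys
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_test_pe([b"UPX0", b"UPX1", b".rsrc"], b"\0\0user=SANDBOX\0\0"))
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with the sample path as the first argument to compare the computed SHA256 against the report; without an argument it runs against the constructed test PE. The parser deliberately reads only the COFF header and section table, which is all the UPX check needs and keeps it tolerant of the malformed optional headers packed samples often carry.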

MITRE ATT&CK Enterprise v15
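The behavioural signatures listed under Targets (registry country lookup, browser profile reads, Run-key persistence, drive enumeration, System32 drop) are the ones a detection engineer would want as rules over sandbox or Sysmon telemetry. The following is an added example, not Triage's signature engine; the Event shape, the regexes and the sample events are constructed here as assumptions, with the registry and profile paths being the standard Windows locations for those checks.

```python
"""Behaviour rules for the dynamic signatures in the report above, evaluated
over Sysmon-style events.  Added example, not Triage's signature code; the
Event shape and the sample events are constructed here for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Event:
    kind: str      # reg_read | reg_set | file_read | file_create | dir_query
    process: str   # image name of the acting process
    target: str    # registry path, file path or directory queried


# HKCU\Control Panel\International\Geo\Nation holds the GEOID that
# GetUserGeoID() returns; reading it is the usual "which country am I in" check.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
BROWSER_PROFILE_RE = re.compile(
    r"\\AppData\\(Local\\(Google\\Chrome|Microsoft\\Edge)\\User Data|"
    r"Roaming\\Mozilla\\Firefox\\Profiles)\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^([A-Z]):\\$", re.I)

# Per-event rules: signature name -> predicate over a single event.
EVENT_RULES = {
    "Checks computer location settings":
        lambda e: e.kind == "reg_read" and bool(GEO_NATION_RE.search(e.target)),
    "Adds Run key to start application":
        lambda e: e.kind == "reg_set" and bool(RUN_KEY_RE.search(e.target)),
    "Drops file in System32 directory":
        lambda e: e.kind == "file_create" and bool(SYSTEM32_RE.match(e.target)),
    "Reads user/profile data of web browsers":
        lambda e: e.kind == "file_read" and bool(BROWSER_PROFILE_RE.search(e.target)),
}


def enumerates_drives(events: List[Event], process: str) -> bool:
    """Stateful rule: true once a process has queried the root of at least one
    drive other than C:, mirroring the report's description of the signature."""
    roots = set()
    for e in events:
        if e.kind != "dir_query" or e.process != process:
            continue
        m = DRIVE_ROOT_RE.match(e.target)
        if m:
            roots.add(m.group(1).upper())
    return bool(roots - {"C"})


def match_signatures(events: List[Event]) -> Dict[str, List[str]]:
    """Return {process: sorted signature names} for every process that
    triggered at least one rule."""
    hits: Dict[str, set] = {}
    for e in events:
        for name, rule in EVENT_RULES.items():
            if rule(e):
                hits.setdefault(e.process, set()).add(name)
    for process in {e.process for e in events}:
        if enumerates_drives(events, process):
            hits.setdefault(process, set()).add("Enumerates connected drives")
    return {p: sorted(names) for p, names in hits.items()}


# Constructed events resembling what a sandbox would log for this sample's
# signatures; file names and value names are illustrative, not from the report.
SAMPLE_EVENTS = [
    Event("reg_read", "sample.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file_read", "sample.exe",
          r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("reg_set", "sample.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("dir_query", "sample.exe", "C:\\"),
    Event("dir_query", "sample.exe", "D:\\"),
    Event("file_create", "sample.exe", r"C:\Windows\System32\svchost32.dll"),
    Event("dir_query", "explorer.exe", "C:\\"),
    Event("file_create", "explorer.exe", r"C:\Users\user\Desktop\notes.txt"),
]

if __name__ == "__main__":
    for process, names in match_signatures(SAMPLE_EVENTS).items():
        print(process)
        for n in names:
            print("  -", n)
```

The drive-enumeration rule is deliberately stateful: a single query of C:\ is normal for almost any process, and the report's wording (drives other than the default C: drive) is what separates discovery from noise, so that rule is evaluated per process over the whole event stream rather than per event.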

Tasks