General

  • Target

    9f9e7c73bfc5cd2df4e491d9cef0323f2e6d259b0651c72b89e3da1d80ee35a0

  • Size

    169KB

  • Sample

    240409-avsx5age53

  • MD5

    5cad99edfdf6709966e57336fc0c98ff

  • SHA1

    d7473d64e5a5ffbd19e5e6bfb250c26e6dd34cce

  • SHA256

    9f9e7c73bfc5cd2df4e491d9cef0323f2e6d259b0651c72b89e3da1d80ee35a0

  • SHA512

    939a57fad2c6e96d7c2728a54bbf5d82992c4c1979bc3892f50ac175265578b4f8a98639fc29ca06f4cee8c61786033562eef12dbb5c8cbb6ce4ee82f6321204

  • SSDEEP

    3072:ASpjbLl/gvQoutW1Tj4mYWR/RwDZvrrDqJeN1awj55rmjGQs8NmrlUp3:A8jluQoSoIo5RwDZvceZoDs8Nmryp3

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar artifacts.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks