General

  • Target

    e8e31831c564f19da08c88a4f6509a6c31782e7abaedc99e7d495b9cd1925461

  • Size

    430KB

  • Sample

    240409-d13w3adb65

  • MD5

    256cd763591443a340825e710f6ff943

  • SHA1

    1026d2c1862d5a7496f85bdebb098378c6aa6a1d

  • SHA256

    e8e31831c564f19da08c88a4f6509a6c31782e7abaedc99e7d495b9cd1925461

  • SHA512

    cd154308494bedc1b8c4ba63f23c3e31c8685367a7540d04594a231875845764b211527040eea1c629ec97e37f2040a4a4e7885586c2c274899fbaa2c0c239fd

  • SSDEEP

    12288:lXa8sKeNUnOIe0H95P8TryhippSQEcgm3E2LWKLyLe:lq8BeNUnOY5P8qYxE6EKLyy

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and other sensitive material.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of fixed drives other than the default C: drive, typically to locate additional files to collect.

    • Drops file in System32 directory
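The two host-side behaviours above that a responder can check directly are the Run-key persistence and the registry country-code lookup. The following PowerShell script is an added example, not part of the tria.ge report or of the sample: it enumerates the HKLM and HKCU Run/RunOnce keys, flags autostart entries whose target lies outside Program Files or the Windows directory, hashes each target and compares it with the SHA256 of this sample, and reports the GeoID/home location the malware would read. It assumes an elevated PowerShell 5.1 or later session on the host under investigation; the trusted-directory list and the simple command-line parsing are assumptions, not a property of the sample.

```powershell
# Added triage example (not from the tria.ge report or the sample itself).
# Assumptions: elevated PowerShell 5.1+ on a Windows host; the sample's
# persistence value name is unknown, so every Run/RunOnce value is listed.

# SHA256 of the sample as reported on this page.
$sampleSha256 = 'E8E31831C564F19DA08C88A4F6509A6C31782E7ABAEDC99E7D495B9CD1925461'

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed trusted roots: autostart entries elsewhere (user profile, temp,
# ProgramData, System32 drop locations) are flagged for manual review.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/etc.; skip those.
            if ($prop.Name -like 'PS*') { continue }
            $cmd = [string]$prop.Value

            # Take the executable path: the quoted first argument if present,
            # otherwise the first whitespace-delimited token (an unquoted path
            # containing spaces will be truncated here; review those by hand).
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exeLower = $exe.ToLowerInvariant()

            $trusted = $false
            foreach ($root in $trustedRoots) {
                if ($exeLower.StartsWith($root)) { $trusted = $true; break }
            }

            $hash = $null
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            }

            [PSCustomObject]@{
                Key           = $key
                Name          = $prop.Name
                Command       = $cmd
                SHA256        = $hash
                MatchesSample = ($hash -eq $sampleSha256)
                Suspicious    = (-not $trusted) -or ($hash -eq $sampleSha256)
            }
        }
    }
}

# Geofence check: the per-user GeoID lives under HKCU\Control Panel\International\Geo
# (value "Nation"); Get-WinHomeLocation resolves it to a readable name.
function Get-HostGeoInfo {
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $home = Get-WinHomeLocation
    [PSCustomObject]@{
        GeoID        = $geo.Nation
        HomeLocation = $home.HomeLocation
    }
}

Get-HostGeoInfo | Format-List
Get-RunKeyEntries | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

Run the script in an elevated session so the HKLM keys are readable; an entry with MatchesSample set to True is the sample itself re-registered for persistence, while Suspicious entries with other hashes still warrant review because a dropper may register a renamed copy. The GeoID output tells you which country code the sample would have seen on this host, which matters when a geofenced sample refuses to run in your analysis environment.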

MITRE ATT&CK Enterprise v15

Tasks