Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d3c70aad6b05c8e6f4d78dcd3adc10973bba148980c1acd2b1252bf5c2d549b1

  • Size

    1.9MB

  • Sample

    240416-cwsd4afb99

  • MD5

    6118821615938e49bb9f714ca248668d

  • SHA1

    0117cd3f90406472c8d2d65e50cf77fd4e1741e4

  • SHA256

    d3c70aad6b05c8e6f4d78dcd3adc10973bba148980c1acd2b1252bf5c2d549b1

  • SHA512

    1f22f6909c95d7fec03014357de82554286737cadfbdc12060234740f6bc9a61273c79c613dd473da5ff7e2c517c331590db21e11fc5e3915a5bebe71a12626e

  • SSDEEP

    49152:d22WklVa2fFf/PSZuMtnDeBWRI7r3zHgIkM+K/elTmKbOx6R2yQj:HWAaIf/PuxeYRIfjhkM+KuiKbOx62yq

Malware Config

Targets

    • Target

      d3c70aad6b05c8e6f4d78dcd3adc10973bba148980c1acd2b1252bf5c2d549b1

    • Size

      1.9MB

    • MD5

      6118821615938e49bb9f714ca248668d

    • SHA1

      0117cd3f90406472c8d2d65e50cf77fd4e1741e4

    • SHA256

      d3c70aad6b05c8e6f4d78dcd3adc10973bba148980c1acd2b1252bf5c2d549b1

    • SHA512

      1f22f6909c95d7fec03014357de82554286737cadfbdc12060234740f6bc9a61273c79c613dd473da5ff7e2c517c331590db21e11fc5e3915a5bebe71a12626e

    • SSDEEP

      49152:d22WklVa2fFf/PSZuMtnDeBWRI7r3zHgIkM+K/elTmKbOx6R2yQj:HWAaIf/PuxeYRIfjhkM+KuiKbOx62yq

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks