Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    56c6cd18e30f501337a993bc99e2ecb478b07d7f0bf81da6a34d8a10c684c3a3

  • Size

    1.4MB

  • Sample

    240419-1myrhshb7y

  • MD5

    a25866283db6311bf1ca62bc2c104010

  • SHA1

    3ae2f477f007d5caf0c63d2801e66d73af9a8f9d

  • SHA256

    56c6cd18e30f501337a993bc99e2ecb478b07d7f0bf81da6a34d8a10c684c3a3

  • SHA512

    f02edccc3e15cbde06f5263cc271788a6e4b817e538a09320c4aac08b5f22d7953d0abc169928e780e2db940f0bd227ed84bd634761ff3443ef4562a37739943

  • SSDEEP

    24576:Yiqtn333hbWJTz/chumixHq9J1W0C8/atbVRkhrGZ75KelIxfVlDinaGrEWiLwJT:x6n33xc/cn0Kj1WXHRYrGZFKjbAaGcLA

Malware Config

Targets

    • Target

      56c6cd18e30f501337a993bc99e2ecb478b07d7f0bf81da6a34d8a10c684c3a3

    • Size

      1.4MB

    • MD5

      a25866283db6311bf1ca62bc2c104010

    • SHA1

      3ae2f477f007d5caf0c63d2801e66d73af9a8f9d

    • SHA256

      56c6cd18e30f501337a993bc99e2ecb478b07d7f0bf81da6a34d8a10c684c3a3

    • SHA512

      f02edccc3e15cbde06f5263cc271788a6e4b817e538a09320c4aac08b5f22d7953d0abc169928e780e2db940f0bd227ed84bd634761ff3443ef4562a37739943

    • SSDEEP

      24576:Yiqtn333hbWJTz/chumixHq9J1W0C8/atbVRkhrGZ75KelIxfVlDinaGrEWiLwJT:x6n33xc/cn0Kj1WXHRYrGZFKjbAaGcLA

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks