General

  • Target: aff05e83fe66f88a09133014df4bb1f788038c3dea296033a51e751f5521b2ea
  • Size: 746KB
  • Sample: 240420-bzqh8sda42
  • MD5: a7b883f33d2e969fa33dea07664a24eb
  • SHA1: 8ede0f35b52dc8108c73132c2dae8259c27c3263
  • SHA256: aff05e83fe66f88a09133014df4bb1f788038c3dea296033a51e751f5521b2ea
  • SHA512: 413006270fe0c8c88f8f5144c77480d352ddff49d6a69fc71350651d5e7e9fbb7ba0c8d4dbe8048a035fd101c22a7eaf4446176176e971a410a16e03b05d54c2
  • SSDEEP: 12288:VEQoSfqrFcdaxW5ea3YOusit63WvVEElcAC3K2rbItt5y7dK0W6l3+YjjRUeZR:V3cxR+OsitxSElXIHIn5wdh3lpVX

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
