General

  • Target

    95c929dba97314c6c807f5963dd3ebdf4ee1fc123259447146288509cd8f5b6d

  • Size

    403KB

  • Sample

    240423-blf3msag3z

  • MD5

    7efc322d3f56b57d7945080144e08677

  • SHA1

    f9354f399ec1dd8e5495624868d65070bf0dd28e

  • SHA256

    95c929dba97314c6c807f5963dd3ebdf4ee1fc123259447146288509cd8f5b6d

  • SHA512

    00fb059caf212c5291d1945d989863c5715cf9178aae46c5fa52c49e5674e6a606d065e6ae166f4fbf93ce6adb736afacf7b8672be1e00f3e6c629644421ac76

  • SSDEEP

    6144:tjluQoSDIo5R4nM/40yJNV6dCVEl3o/HPJqcVcy6RDH3BKlVeC3JhneJIgEqO/Rg:tEQoS9qhHM8ElYvoyoDxuVeC3JhHJ1/C

Targets

    • Target

      95c929dba97314c6c807f5963dd3ebdf4ee1fc123259447146288509cd8f5b6d

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
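Two of the signatures listed for this target, "UPX packed file" and "Detects executables containing possible sandbox analysis VM usernames", are purely static checks that can be reproduced without running the sample. The script below is an added example written for this page, not tria.ge's own signature code: it parses the PE section table with the standard library, flags the stock UPX section names (and, as a weaker indicator, the "UPX!" marker that a modified UPX may strip), and scans for sandbox usernames in both ASCII and UTF-16LE form. The username list and the minimal PE builder used to construct offline test input are assumptions made for the example.

```python
import hashlib
import struct

# Constructed list of usernames that public sandbox VMs are often configured with.
# This is an assumption for the example, not the list the Triage signature uses.
SANDBOX_USERNAMES = ["sandbox", "malware", "virus", "cuckoo", "analyst", "john doe", "test user"]

# Section names left behind by stock UPX; a modified UPX may rename them,
# which is why the "UPX!" marker is checked as a second, weaker indicator.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data):
    """Parse the PE section table and return the section names in order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data):
    """True if the section names or the 'UPX!' marker point to UPX packing."""
    names = set(pe_section_names(data))
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in data


def find_sandbox_usernames(data):
    """Return the sandbox usernames present as ASCII or UTF-16LE strings (case-insensitive)."""
    low = data.lower()  # bytes.lower() folds ASCII only, which is all we need here
    hits = []
    for name in SANDBOX_USERNAMES:
        if name.encode("ascii") in low or name.encode("utf-16-le") in low:
            hits.append(name)
    return hits


def triage(data):
    """Static checks corresponding to two of the signatures in the report."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "upx_packed": is_upx_packed(data),
        "sandbox_usernames": find_sandbox_usernames(data),
    }


def build_test_pe(section_names, payload):
    """Construct a minimal, non-runnable PE32 image with the given section names
    followed by an arbitrary payload; used only to exercise the checks offline."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    section_table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff_header + optional_header + section_table + payload


# Constructed sample: UPX section names plus a UTF-16LE user-profile path.
PACKED_SAMPLE = build_test_pe(
    ["UPX0", "UPX1", ".rsrc"],
    b"UPX!\0\0" + "C:\\Users\\John Doe\\AppData".encode("utf-16-le") + b"\0\0",
)
# Constructed sample: ordinary section layout, no suspicious strings.
CLEAN_SAMPLE = build_test_pe([".text", ".rdata", ".data"], b"hello, world\0")

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, triage(blob))
```

Both checks are heuristics: a binary can legitimately contain "virus" (in "antivirus") or a user's real name, and a repacked UPX build can rename its sections, so treat the output as a triage hint to be confirmed by dynamic analysis such as the OEP dump noted above, not as a verdict.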
