General

  • Target

    334250dc8b9eb735a57895dd33e8ed26aff426a39f880062be71cea475dc11c6

  • Size

    119KB

  • Sample

    240424-y87kfaha6v

  • MD5

    61d1ce1394a03e9888be992eb836f1c8

  • SHA1

    e8a0a43358742522d6ee2e86983c99fc8ff60cc2

  • SHA256

    334250dc8b9eb735a57895dd33e8ed26aff426a39f880062be71cea475dc11c6

  • SHA512

    05cf347c79f56fb9a45e37c01a1c2c7efb644b171412f57b0b86ce14ef8f92cbb26e3327f921d7300483f749dadc398acfa05daba1dc3d78fb31bda6102ac411

  • SSDEEP

    3072:TOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPh:TIs9OKofHfHTXQLzgvnzHPowYbvrjD/E
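Verifying a local copy of the sample against the digests listed above, as an added example that is not part of the report or of tria.ge's tooling. It reads the file in chunks, computes the four digests the report lists using only the standard library, and compares them case-insensitively; it also checks that each copied digest is well-formed hex of the expected length, which catches a truncated copy-paste before it turns into a false "no match". SSDEEP is left out because it needs the third-party ssdeep module. The file path in the usage line is an assumption.

```python
import hashlib
from typing import Dict, Iterable, List

# Digests copied from the report's General section (the report's own IOCs).
REPORT_DIGESTS = {
    "md5": "61d1ce1394a03e9888be992eb836f1c8",
    "sha1": "e8a0a43358742522d6ee2e86983c99fc8ff60cc2",
    "sha256": "334250dc8b9eb735a57895dd33e8ed26aff426a39f880062be71cea475dc11c6",
    "sha512": "05cf347c79f56fb9a45e37c01a1c2c7efb644b171412f57b0b86ce14ef8f92cb"
              "b26e3327f921d7300483f749dadc398acfa05daba1dc3d78fb31bda6102ac411",
}

# Expected hex length per algorithm; used to catch truncated or mis-copied IOCs.
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_CHARS = set("0123456789abcdefABCDEF")


def validate_iocs(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose value is not well-formed hex of the right length."""
    bad = []
    for algo, value in digests.items():
        n = HEX_LENGTHS.get(algo)
        if n is None or len(value) != n or any(c not in HEX_CHARS for c in value):
            bad.append(algo)
    return bad


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in one pass and return hex digests."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LENGTHS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it whole into memory."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def verify(computed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare each expected digest against the computed one, case-insensitively."""
    return {algo: computed.get(algo, "").lower() == value.lower()
            for algo, value in expected.items()}


if __name__ == "__main__":
    # Assumed path to a local copy of the sample; not something the report provides.
    sample_path = "sample.bin"
    if validate_iocs(REPORT_DIGESTS):
        raise SystemExit("malformed IOC values: %s" % validate_iocs(REPORT_DIGESTS))
    for algo, ok in verify(digest_file(sample_path), REPORT_DIGESTS).items():
        print(f"{algo}: {'match' if ok else 'MISMATCH'}")
```

A mismatch on one algorithm with matches on the others is worth a second look at the copy rather than at the file: the four digests are computed over the same bytes, so they should agree or disagree together.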

Targets

    • Target

      334250dc8b9eb735a57895dd33e8ed26aff426a39f880062be71cea475dc11c6

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file packed with the ACProtect software protector (versions 1.3x to 1.4x).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
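The behaviour signatures above describe what the sandbox observed the sample doing. As an added example, not tria.ge's own detection logic (whose rules are not on this page), the following turns those descriptions into a small rule set and runs it over a constructed Procmon-style event trace; the event names, paths and match patterns are assumptions for illustration. The two "dropped" rules are stateful: a process create or image load only counts as dropped if the trace already holds a write to that path by the sample. Note that a write under System32\drivers also satisfies the broader System32 rule, which is why the report lists both.

```python
import re
from typing import Dict, List

# Constructed Procmon-style trace for illustration; these events are made up for
# this example and are not taken from the sandbox report.
TRACE = [
    {"op": "WriteFile",      "path": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"op": "WriteFile",      "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"op": "WriteFile",      "path": r"C:\Windows\System32\drivers\netfltr.sys"},
    {"op": "ProcessCreate",  "path": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"op": "LoadImage",      "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"op": "RegSetValue",    "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"op": "RegQueryValue",  "path": r"HKLM\SYSTEM\MountedDevices\\DosDevices\D:"},
    {"op": "QueryDirectory", "path": "D:\\"},
    {"op": "ReadFile",       "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

# Stateless rules: (signature name as the report prints it, operations, path pattern).
# The patterns are assumptions chosen to mirror the signature descriptions above.
RULES = [
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Drops file in Drivers directory", {"WriteFile"},
     re.compile(r"\\Windows\\System32\\drivers\\", re.I)),
    ("Drops file in System32 directory", {"WriteFile"},
     re.compile(r"\\Windows\\System32\\", re.I)),
    ("Reads user/profile data of web browsers", {"ReadFile"},
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite)$", re.I)),
    ("Enumerates connected drives", {"QueryDirectory"},
     re.compile(r"^[A-BD-Z]:\\$", re.I)),  # root of any drive other than C:
    ("Maps connected drives based on registry", {"RegQueryValue", "RegEnumValue"},
     re.compile(r"^HKLM\\SYSTEM\\MountedDevices\\", re.I)),
]


def match_signatures(trace: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {signature name: [paths that triggered it]} for an event trace."""
    hits: Dict[str, List[str]] = {}
    dropped = set()  # paths the sample itself wrote earlier in the trace
    for ev in trace:
        op, path = ev["op"], ev["path"]
        if op == "WriteFile":
            dropped.add(path.lower())
        for name, ops, pattern in RULES:
            if op in ops and pattern.search(path):
                hits.setdefault(name, []).append(path)
        # Stateful rules: only a file the sample wrote counts as "dropped".
        if op == "ProcessCreate" and path.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(path)
        if op == "LoadImage" and path.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(path)
    return hits


if __name__ == "__main__":
    for name, paths in match_signatures(TRACE).items():
        print(f"{name}: {paths}")
```

Running it over the constructed trace fires all eight signatures listed in this report; swapping in a real trace exported from Procmon or a sandbox would need only the event-name mapping adjusted.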

MITRE ATT&CK Enterprise v15

Tasks