General

  • Target: Seven.zip
  • Size: 1.4MB
  • Sample: 240429-w6aftahe45
  • MD5: 467a3713c2d08ab9403633b43db8ecd5
  • SHA1: 1cd81a4369cf41bcedf8a45a56f0c3c48010d9ca
  • SHA256: 5b1a7502313ba6d09582086c800b3f4cffda294bcb3546c505c8c9ea9aca6722
  • SHA512: f3b06fda5103b2e1ed1f3cae2538df33132b3e74ea0cb5b164453c24d2abfd3cf0467f4057b6d0ab64e84f13c3aa338c83f28d88ce728699fa3221e570f25bf7
  • SSDEEP: 24576:YW5FFbAybZEolmOpmqjvjlQg3wIsmmlHvCgzhv/BpSMzU+GBiAwGumsUAUI2uzXu:l5FzFtmymqVV3wSm7zhRuBXlsZUIQ

Malware Config

Targets

    • Target: Seven.dll
    • Size: 1.3MB
    • MD5: 4061c3e1375f90dfa022f53cf608a20f
    • SHA1: 83dacf3737189a6bf5c5eefee505eae6c7b555c6
    • SHA256: a65face7b91daabeba328d0cd7f9a7ea6073e1d6c20f80f4b5db2d0a487eb426
    • SHA512: a5fe88731677fb75b747ac7961ec9604ec88d8ffbca76a0f8b45d3d9cacc8f5c48c7a4f6eb0a7baffc8f87a043c763a8db2bf8b1c2e18d7d935c74b39a3df543
    • SSDEEP: 24576:C5ZlbiyR5oGlMWrEqjvhlygduUy0uTHfCM9bvLnpY8Ni+wBIewsAmqUCUcuUth9k:C5ZhnFMKEqb3duGux9bDI/jhq1Uc
    • Score: 1/10

    • Target: Seven.exe
    • Size: 139KB
    • MD5: 350273e0d2e8a9ba5e37b791016112a0
    • SHA1: 5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
    • SHA256: 27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
    • SHA512: b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
    • SSDEEP: 3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables cmd.exe use via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
