Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Wireshark-4.2.4-x64.exe

  • Size

    82.5MB

  • Sample

    240501-p33vmafb9y

  • MD5

    c38012af36b2f24cf15f971e62e08d87

  • SHA1

    caa0849461201937fa995afc5d2b80986c506891

  • SHA256

    b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492

  • SHA512

    84f1da60f8f974ccc24bbf054a40d6380865707d51401a70a19bc2d5e8a271fd68abce1b5fd14fd339cee57729e908e0aec70d7f5fb3046b03b183da4b233784

  • SSDEEP

    1572864:qgwkqSnN5BNMnT8RjmZq2j+efj6e1u4lQ2D9jdd840ownGiwDNPjPrnrLYA:qgVqSbBinu6q2j+ixu4lQU8XhwD5PJ

Malware Config

Targets

    • Target

      Wireshark-4.2.4-x64.exe

    • Size

      82.5MB

    • MD5

      c38012af36b2f24cf15f971e62e08d87

    • SHA1

      caa0849461201937fa995afc5d2b80986c506891

    • SHA256

      b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492

    • SHA512

      84f1da60f8f974ccc24bbf054a40d6380865707d51401a70a19bc2d5e8a271fd68abce1b5fd14fd339cee57729e908e0aec70d7f5fb3046b03b183da4b233784

    • SSDEEP

      1572864:qgwkqSnN5BNMnT8RjmZq2j+efj6e1u4lQ2D9jdd840ownGiwDNPjPrnrLYA:qgVqSbBinu6q2j+ixu4lQU8XhwD5PJ

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks