General

  • Target

    4988e88efb6a6308f762f664acc7c9ff45fcaa4bb3578a6bf159b21bc73ecdd5

  • Size

    1.4MB

  • Sample

    240502-z9sy4she55

  • MD5

    954c3aaf6c094a32168c672ab2163c5b

  • SHA1

    bc7e957dd5273e34d51e3a83ccdf64a335783937

  • SHA256

    4988e88efb6a6308f762f664acc7c9ff45fcaa4bb3578a6bf159b21bc73ecdd5

  • SHA512

    47d7e72c8bb479a95ae088246d998bb4541df2e2374068782322c5f3b05b8415b9cb8fa13e189da95a261ff8428c14df4d94d60bb71d10f5da822bfbf8e285aa

  • SSDEEP

    24576:A85pxgm4GZMGxGkSud3hqwXcmthAlgM8rPQD0X9Lj5JZwZhkv8XSxNf/zARUBz:Asgm4FqG7ircmthU8G4H5vwnk0XSxV/5

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of fixed drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks