General
- Target: 04b51776c404884de26eaa36bf7491841ab64a6749e20828ab6a5889e74206a3
- Size: 7.3MB
- Sample: 240504-17442ada9s
- MD5: 0edbf79619d7b9d64bfa178182f8ee2c
- SHA1: ca98e0d31404211b6ad10646faca088e96889dc3
- SHA256: 04b51776c404884de26eaa36bf7491841ab64a6749e20828ab6a5889e74206a3
- SHA512: 208e2d64d0835c9fb315f12c8e89d18c84a90910bb4328fd11b95ef5062ec6548a3293d1c4ba64e3abe127daff95b90b374dcf9e0c03c6454344fc24b5342801
- SSDEEP: 196608:91OqpcbolkvzGJ6U2lJxgN5PCkVdEE8bld:3OqWbzGP2ls3PLh8P
Static task: static1
Behavioral task: behavioral1
- Sample: 04b51776c404884de26eaa36bf7491841ab64a6749e20828ab6a5889e74206a3.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory