Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    805211cc2830d787e6dcf1845bf5c7da421a25cd7cf93197aaa470166b9d2b45

  • Size

    352KB

  • Sample

    240505-bnf6esdb95

  • MD5

    9d803a16241a6009ddd3c593d8c06bde

  • SHA1

    3231386f0d741c36cc2f83f6b383540045648824

  • SHA256

    805211cc2830d787e6dcf1845bf5c7da421a25cd7cf93197aaa470166b9d2b45

  • SHA512

    e652d56441bece92df2a85fd8644ecff2b30ff7ba5554f4f4e651331a793fa2829ba80cf414fa77e91e1a5a130755bc1f964217c653885559c5ce729cbad2d30

  • SSDEEP

    6144:RIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCe8i:oKofHfHTXQLzgvnzHPowYbvrjD/L7QPs

Malware Config

Targets

    • Target

      805211cc2830d787e6dcf1845bf5c7da421a25cd7cf93197aaa470166b9d2b45

    • Size

      352KB

    • MD5

      9d803a16241a6009ddd3c593d8c06bde

    • SHA1

      3231386f0d741c36cc2f83f6b383540045648824

    • SHA256

      805211cc2830d787e6dcf1845bf5c7da421a25cd7cf93197aaa470166b9d2b45

    • SHA512

      e652d56441bece92df2a85fd8644ecff2b30ff7ba5554f4f4e651331a793fa2829ba80cf414fa77e91e1a5a130755bc1f964217c653885559c5ce729cbad2d30

    • SSDEEP

      6144:RIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCe8i:oKofHfHTXQLzgvnzHPowYbvrjD/L7QPs

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks