General

  • Target

    https://l.ufiler.pro/l/7/22986402/download/867/?i=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&sw=VUZJTEVS

  • Sample

    240523-1ehekahe4w

Malware Config

Targets

    • Target

      https://l.ufiler.pro/l/7/22986402/download/867/?i=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&sw=VUZJTEVS

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks