General

  • Target

    0c9907387700a1b92bea706727f973cab6ac5666a0457d30407c93b8ff76be28

  • Size

    407KB

  • Sample

    240627-y9ynxs1glr

  • MD5

    5e9f41310effb06dd2a3532d66fd2cdf

  • SHA1

    79736e3f664930447f20f14a9b3b328ed761dca9

  • SHA256

    0c9907387700a1b92bea706727f973cab6ac5666a0457d30407c93b8ff76be28

  • SHA512

    7fae48ef836e8785ddbb8a5f7a7a3af73c178951b9c6638005440482680458652b96b3b89bb636ac09c30efab1ffc8db31615f575e9e96f67265a1bb875b6034

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4v:gtRfJcNYFNm8UhlZGsev

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks