General

  • Target

    1198dc190ed27298129983e6218e63c279482b34adf78706247b054da569769a

  • Size

    7.3MB

  • Sample

    240711-2e6b3azaqf

  • MD5

    558ae61d8bde0d3b462d107bfa97dbf9

  • SHA1

    7dabedf987662afcdc130789fea9160a7cd691f7

  • SHA256

    1198dc190ed27298129983e6218e63c279482b34adf78706247b054da569769a

  • SHA512

    ed03d407c4a6cf86811b41b2a98507d1761fe973090528e3626220993cf79426192f140f5ef484006f7df9356f3681ae619ca3b7361f3e6c110de627cf4ba956

  • SSDEEP

    196608:91OQ1cb5pCftP4ejDeulXsZWddPgQA+umWKYlUNAcJX:3OQ1cbfCh4IJlXZ1zWcNlJX

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory
