General

  • Target

    ac46787d7511520d8dd14cb5a094141f338cc50b3c7b8cb31e3f136f5ad871ba

  • Size

    2.0MB

  • Sample

    240714-pnhk5szfmq

  • MD5

    c71d322f4a1d526cc0e5b3e010c184be

  • SHA1

    0e7bd9b2e6ea0f95a87422a3010ba71d3b3e1e0b

  • SHA256

    ac46787d7511520d8dd14cb5a094141f338cc50b3c7b8cb31e3f136f5ad871ba

  • SHA512

    6ee9dab4724001ef1f51600a4672ddc45cc6924448c88a1af7f50ab6d0b83dcd5a12a265c742d54b02c3b6c9d81f923474ebae41d371a5be9f7e8b40b18a89fc

  • SSDEEP

    24576:WI/0CggJRaGdnyEc2ZAuTvjL84btYvmiOZFFgFzis0YS06IXPkUMonnDN2Mh6VqX:XXRrRtquTjtg1FWj06IXsGnDN2/S

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks