General

  • Target

    pretty.exe

  • Size

    40.1MB

  • Sample

    240720-v5z5eavbkd

  • MD5

    0e289105d4ff83bbe0f872dd362ed6b1

  • SHA1

    37110bd3f4ef46fcf21c8f73917b7a395281ca2f

  • SHA256

    c1b64a1f5f197d061a7027f9b4b142f2d53c66a71c95eb41659c717c703ca562

  • SHA512

    0467b6ff82cea6dc3b770328be3d8636d66f0e598d73fd06bde33715807a19289e67808b694c6358ee0b1ebdb7b704ea44b0e59135079517c783dc2b1bf74833

  • SSDEEP

    786432:Xl0Qvyb0Gpc9dY5DhMLEdE35iWXUR4oyJv7ILp1qeBG+2Z0cZntHw:KQvybbIexCLKo6R4Xv8VkV+2VZntH

Malware Config

Targets

    • Target

      pretty.exe

    • Size

      40.1MB

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks