General

  • Target

    7e2888d7d6e7cb3468f03a3634996af3a123009c74daaf6fabe496107820dacc

  • Size

    2.0MB

  • Sample

    240723-jbfccsvamg

  • MD5

    71b31ffe85f5bf984ea7c3b5d0166b9a

  • SHA1

    7767ef583b3690a66aa65a07ad6703dff8233d5a

  • SHA256

    7e2888d7d6e7cb3468f03a3634996af3a123009c74daaf6fabe496107820dacc

  • SHA512

    c386a0f4d8787c908b2c6ccec849e1bf95ea9aec13fb7cb83cf69a21045384f45801a9673b06a283add1ca870ee829af5b42d281d0e6dd9a52eb051fe10cc168

  • SSDEEP

    49152:OqbpxOpI9RBxy4mjrnSw/xAaj+3WFpbyIX1FiktUs6/cuCY3C82x:OaxOpI9RWBzJbF5/ix0uCYy1x

Malware Config

Targets

    • Target

      56e85cf5461b41717ecb9aa132c1e321348c273c11f50ca0e01e08153c54b27e

    • Size

      2.0MB

    • MD5

      127ad848bb4876ccae990b14846f8e8b

    • SHA1

      18816cec922e7a4fbf487422b9847c6c122276f3

    • SHA256

      56e85cf5461b41717ecb9aa132c1e321348c273c11f50ca0e01e08153c54b27e

    • SHA512

      635962ea4b253827d84a2284f6b0d09dff4ee75d2e51354d306114a0483fa405408a679eb0aa3dd5fcf64b66c6a372a6bf868582f7327c643640523e32ee9c23

    • SSDEEP

      49152:wsDcZ3PNT//kzv0V7tKzpMdV3+SklVAAFq3Pux7PB:wnOa5ApMLKAmjB

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      Creates a process whose parent is set to a process other than the caller (parent-PID spoofing), which hides the true process tree from monitoring.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution (run only in, or avoid, particular regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to read WinSCP stored sessions, which can contain saved hostnames, usernames and passwords for SFTP/SCP/FTP servers.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data such as saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile settings, which hold mail account configuration and can expose stored mail credentials.
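
The signatures above (country-code lookup, WinSCP sessions, browser credential stores, Outlook profiles) map to a handful of well-known registry keys and file paths. The following is an added hunting example, not code from the tria.ge report, that applies those mappings to process-monitor style event lines. The CSV layout (pid, image, operation, path), the sample events, the per-rule owner allowlist and the exact paths are assumptions chosen for illustration; the point is that a single process touching several of these locations, while not being the application that owns them, is the pattern the report's signatures describe together.

```python
"""Hunt for the access patterns flagged in the report over process-monitor
style event lines.  Added example: the log format, image names, sample
events and rule paths are assumptions, not data from the tria.ge report."""
import csv
import io
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    image: str      # full path of the process performing the access
    operation: str  # RegOpenKey / RegQueryValue / CreateFile ...
    path: str       # registry key or file path touched


# (category, path pattern, process basenames that legitimately touch it).
# The paths are the usual locations behind each signature (assumed here).
RULES = [
    ("geofence_country_lookup",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
     ()),                                   # little benign software queries this directly
    ("winscp_sessions",
     re.compile(r"\\Software\\Martin Prikryl\\WinSCP 2\\Sessions", re.I),
     ("winscp.exe",)),
    ("outlook_profiles",
     re.compile(r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles"
                r"|\\Windows Messaging Subsystem\\Profiles", re.I),
     ("outlook.exe",)),
    ("browser_credential_store",
     re.compile(r"\\User Data\\[^\\]+\\(Login Data|Web Data|Cookies)$"
                r"|\\(logins\.json|key4\.db)$", re.I),
     ("chrome.exe", "msedge.exe", "brave.exe", "firefox.exe")),
]


def parse_events(text):
    """Parse 'pid,image,operation,path' lines; malformed lines are skipped."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue
        pid, image, op, path = row
        events.append(Event(int(pid), image, op, path))
    return events


def categories_by_pid(events):
    """Map pid -> (image, set of suspicious categories hit).

    Accesses by the owning application (WinSCP reading its own sessions,
    Chrome opening its own Login Data) are ignored to cut false positives."""
    hits = defaultdict(set)
    images = {}
    for ev in events:
        base = ev.image.rsplit("\\", 1)[-1].lower()
        images[ev.pid] = ev.image
        for category, pattern, owners in RULES:
            if pattern.search(ev.path) and base not in owners:
                hits[ev.pid].add(category)
    return {pid: (images[pid], cats) for pid, cats in hits.items()}


def flag_infostealer(events, min_categories=2):
    """One process touching >= min_categories distinct credential/geo
    locations is the combined pattern the report's signatures describe."""
    return sorted(
        (pid, image, sorted(cats))
        for pid, (image, cats) in categories_by_pid(events).items()
        if len(cats) >= min_categories
    )


# Constructed sample events (not from the report): one dropped payload hitting
# every location, two benign owner accesses, one process with a lone geo lookup.
SAMPLE_EVENTS = """\
4412,C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation
4412,C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe,RegOpenKey,HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions
4412,C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe,CreateFile,C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
4412,C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe,RegOpenKey,HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook
1208,C:\\Program Files\\WinSCP\\WinSCP.exe,RegOpenKey,HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions
7020,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,CreateFile,C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
5100,C:\\Windows\\System32\\svchost.exe,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation
"""

if __name__ == "__main__":
    for pid, image, cats in flag_infostealer(parse_events(SAMPLE_EVENTS)):
        print(f"pid {pid} {image}: {', '.join(cats)}")
```

The owner allowlist and the two-category threshold are the knobs that matter in practice: dropping the allowlist makes every WinSCP or browser launch fire, and a threshold of one flags the lone geo lookup by svchost.exe, which on its own is not evidence of anything.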

MITRE ATT&CK Enterprise v15

Tasks