General

  • Target

    e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5

  • Size

    3.1MB

  • Sample

    240810-1t23hszeln

  • MD5

    38f619582609c19210fccc5978fd7a9e

  • SHA1

    cde2a538a01e5cadd03c3cf11898f8bce3ba2ee0

  • SHA256

    e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5

  • SHA512

    1c2dc2a7e3c42f45df896af434eb7a303fee35eded9ad9ca29cd6c069af755e638d5616804f26854b6caf7fcd17f5d76fe97a8ff95583426e914644ca1132afa

  • SSDEEP

    98304:DwVppcSYwQJB1mtUC6hbPVNkAPlNymL1Z1IFi3YGw:DwWsQIWCcjVZ/r1U

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks