General

  • Target

    img-74572870056JPEG.exe

  • Size

    1.1MB

  • Sample

    240814-gekp5ssdmj

  • MD5

    8f7e902259fff663f5c556fd0b25c0b0

  • SHA1

    17268e0068d0327d5998aa972b482c144f191fab

  • SHA256

    f58afefd345a47aa53c2288b2d01adec8da06fe4843683f361185c3c820c01ad

  • SHA512

    5680e970dea8dafae5071ed2550699554bc2c90da8385e00530c03b0d78881dee0cb394340226096c7e114f8749feb201d339f80c4653e29e16ec8d3ee92ff6c

  • SSDEEP

    24576:qAHnh+eWsN3skA4RV1Hom2KXMmHa/qEMSyL+zQjGrJ7GVl5:9h+ZkldoPK8Ya/ASyLoQjGF7+

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks