General

  • Target

    REVISED PO.pdf

  • Size

    467KB

  • Sample

    240814-hdp4xatajk

  • MD5

    729b5c2e8616e0a10818adb95dffbfe2

  • SHA1

    baac15242b59ed33281b066107c797dcb0335fc6

  • SHA256

    d702b3f20b8be2f8a3f61fd14354056b4bdd55b3e8d90b76082fab77353f74ec

  • SHA512

    941f4e04a95c5175837a2ac07f4b96054feb5bcaf0308af3f79569570b9c634d94ddcd2e4949ef83b6fdaa6487974c32dd4dc627c23b31c19368f4782c361442

  • SSDEEP

    6144:o3DZe7iHQFjkRqMwMTQhX8594qUM9OwpXHdXC9hXVBmtphuj05ICtIDUV+QZUd5S:GDZepnwcuSqvXHokhujrCiIhUfQNd6U

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copy of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15