Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
45923c5e0fa75d8265252dcdaa59b90db697db59e1badc8e474ac804ddeb41fd.exe
-
Size
2.2MB
-
Sample
240820-bmpq6szfnn
-
MD5
be668da17ea459ecdba38cb333a98a07
-
SHA1
fc44edf6715f685e7ad26b22b4b2695f45586146
-
SHA256
45923c5e0fa75d8265252dcdaa59b90db697db59e1badc8e474ac804ddeb41fd
-
SHA512
6e285e8398dc131a3085578184714b88ac34fc12f5f014ce66c63b6b43e0473c650c0a9eb51972d1b1a106d44df2f04478c2d895c6551f39a45d3c860f27f39a
-
SSDEEP
49152:PI/0Xh92X3FAOkoQgcK1beVBOHpwIf0bOtW1sLjS/g3:0O2X33Dfp98bObL+0
Malware Config
Targets
-
-
Target
45923c5e0fa75d8265252dcdaa59b90db697db59e1badc8e474ac804ddeb41fd.exe
-
Size
2.2MB
-
MD5
be668da17ea459ecdba38cb333a98a07
-
SHA1
fc44edf6715f685e7ad26b22b4b2695f45586146
-
SHA256
45923c5e0fa75d8265252dcdaa59b90db697db59e1badc8e474ac804ddeb41fd
-
SHA512
6e285e8398dc131a3085578184714b88ac34fc12f5f014ce66c63b6b43e0473c650c0a9eb51972d1b1a106d44df2f04478c2d895c6551f39a45d3c860f27f39a
-
SSDEEP
49152:PI/0Xh92X3FAOkoQgcK1beVBOHpwIf0bOtW1sLjS/g3:0O2X33Dfp98bObL+0
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
UAC bypass
-
Windows security bypass
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Indirect Command Execution
1Modify Registry
5Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1