Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

07/01/2025, 22:05 UTC

250107-1z1rms1kat 3

04/09/2024, 21:58 UTC

240904-1vqqwaxbqr 8

04/09/2024, 21:55 UTC

240904-1s3yesxbpl 6

04/09/2024, 21:38 UTC

240904-1hjf2awhql 9

04/09/2024, 21:22 UTC

240904-z8eebsxfmf 8

General

  • Target

    https://www.google.com/?safe=active&ssui=on

  • Sample

    240904-1hjf2awhql

Malware Config

Targets

    • Target

      https://www.google.com/?safe=active&ssui=on

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.