General
- Target: 05f2fde0f8f71c04fd1263965d648e7c.bin
- Size: 5.8MB
- Sample: 240904-bcr4jsshrb
- MD5: cd51a423a871fe592c67a4402a784dc6
- SHA1: 3723fd3450f1eeb16d76cea11ccf7bd9198b7bd5
- SHA256: b83f10ebdedcc70a5749233a30b7b4f0fa8ddab3c7205053ed569f7a260607a6
- SHA512: 04de589870d3eb033200dd0adec3e54ada109e3e90dee04e55bbd31d0112937b52a2a0328d2fba3f1a4fa7280e40337d6ddf66d033f357735084cd89ab4317ff
- SSDEEP: 98304:xRPca39Ys5CSzherYCIcb3ltRSJue4TPh7O6H/0tc8CIP9EkXhmZob0yNyG:jca39YgiPb3ltRSwe4NMNPCkIZQF

Note: these hashes describe the uploaded file, not the executable that was run. The submission is a 5.8MB .bin whose filename is the MD5 of the 6.0MB executable listed under Targets, so the upload appears to have been a container around that executable; use the Targets hashes when pivoting on the sample itself.
Behavioral tasks
- behavioral1: 25206984b9059853f3f09b6ababc446e2c63eb54bce5ff2173d178a8acff6780.exe, resource win7-20240903-en
- behavioral2: 25206984b9059853f3f09b6ababc446e2c63eb54bce5ff2173d178a8acff6780.exe, resource win10v2004-20240802-en
Malware Config
Targets
- Target: 25206984b9059853f3f09b6ababc446e2c63eb54bce5ff2173d178a8acff6780.exe
- Size: 6.0MB
- MD5: 05f2fde0f8f71c04fd1263965d648e7c
- SHA1: 17aa36a2f0fe9142f7a6ec4585512a35d5ad9d9d
- SHA256: 25206984b9059853f3f09b6ababc446e2c63eb54bce5ff2173d178a8acff6780
- SHA512: e245539db5b0d1f19b5b388ce6c78f8cfdcea49040c9772fca5f737d9b77aff963178d81f2c9d84aa24f0f48f6a3fa470bcfc7b3aea16c8e265a5c7643ea48f5
- SSDEEP: 98304:61EtdFBg/amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0BMXb3OJGTF:6MFLeN/FJMIDJf0gsAGK4R0uXzTF
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
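As an added example (not tria.ge's signature logic and not code from this report), the following Python maps a handful of constructed process-creation events to several of the signature names listed above, then rolls the hits up per tactic the way the ATT&CK matrix below does. The sample events, the IP-lookup host list, the file paths and the tactic assignment are this example's own assumptions, chosen to illustrate what a host-side detection for these behaviours looks at.

```python
import re
from typing import Dict, List, Tuple

# Constructed process-creation events (image path and command line) written
# for this example; they are not events taken from the report.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "cmdline": "tasklist /fo csv /nh"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c attrib +h +s "C:\ProgramData\svc"'},
    {"image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "cmdline": "curl.exe -s https://api.ipify.org"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c copy "C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\ProgramData\ld.db"'},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -enc SQBFAFgA"},
    {"image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
]

# Assumed set of IP-echo services; the report does not name the one used.
IP_LOOKUP_HOSTS = ("api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com")

# (signature name as listed in the report, tactic, command-line pattern).
# The tactic assignment and the patterns are this example's own, not tria.ge's.
RULES: List[Tuple[str, str, re.Pattern]] = [
    ("Enumerates processes with tasklist", "Discovery",
     re.compile(r"(^|[\\\s'\"])tasklist(\.exe)?\b", re.IGNORECASE)),
    ("Hide Artifacts: Hidden Files and Directories", "Defense Evasion",
     # attrib.exe setting the hidden attribute on a file or directory.
     re.compile(r"\battrib(\.exe)?\b.*\+h\b", re.IGNORECASE)),
    ("Looks up external IP address via web service", "Discovery",
     re.compile("|".join(re.escape(h) for h in IP_LOOKUP_HOSTS), re.IGNORECASE)),
    ("Credentials from Password Stores: Credentials from Web Browsers", "Credential Access",
     # Chromium keeps saved logins in "User Data\<profile>\Login Data", Firefox in logins.json.
     re.compile(r"User Data\\[^\"]*\\Login Data|logins\.json", re.IGNORECASE)),
    ("Obfuscated Files or Information: Command Obfuscation", "Defense Evasion",
     # cmd.exe caret insertion (p^o^w^...) or a PowerShell -EncodedCommand payload.
     re.compile(r"(\w\^){3,}|\s-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}", re.IGNORECASE)),
]


def classify(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {signature name: [matching command lines]} for the given events."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        for name, _tactic, pattern in RULES:
            if pattern.search(ev["cmdline"]):
                hits.setdefault(name, []).append(ev["cmdline"])
    return hits


def tactic_counts(hits: Dict[str, List[str]]) -> Dict[str, int]:
    """Roll signature hits up to one count per tactic, like the report's ATT&CK matrix."""
    tactic_of = {name: tactic for name, tactic, _ in RULES}
    counts: Dict[str, int] = {}
    for name in hits:
        counts[tactic_of[name]] = counts.get(tactic_of[name], 0) + 1
    return counts


if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for name, lines in found.items():
        print(name)
        for line in lines:
            print("   ", line)
    print(tactic_counts(found))
```

The benign explorer.exe event matches nothing, and the "-w hidden" in the PowerShell line is a window style, not the hidden-files technique, which is why that rule keys on attrib rather than on the word "hidden". Real telemetry would also carry the parent image and the user, which is what separates an installer legitimately running attrib from a dropped binary doing it.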
MITRE ATT&CK Enterprise v15 (numbers are the counts shown in the report)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)