Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d480b6efcf1ccdc3a7cf4c1d22839e27e9701758b19c0a197b049b66bdcfe870

  • Size

    1.7MB

  • Sample

    240905-2spapstbqa

  • MD5

    1959ce1e98b798963f8b7d04bfb71e69

  • SHA1

    3f2fb337ca2f2686e55b985e1f4020e2273bc5a8

  • SHA256

    d480b6efcf1ccdc3a7cf4c1d22839e27e9701758b19c0a197b049b66bdcfe870

  • SHA512

    8e736a00b4077d32e11c6ae100d4148033c5b6bdbb2a874f707c3315db5ac61798cc310198aac97f4c29ae04f45d34e0a2d45a57cb43bd5536e7f3199add3e8c

  • SSDEEP

    49152:eo2sTMKEpK0Y6d84LE1pM5bK0dRfBp8N6eopiaj7EvwtCpLdiXr9fpJ2M67:l2sTMKEpK0Y6dTE1pM5bK0dRfBp8N6eL

Malware Config

Targets

    • Target

      d480b6efcf1ccdc3a7cf4c1d22839e27e9701758b19c0a197b049b66bdcfe870

    • Size

      1.7MB

    • MD5

      1959ce1e98b798963f8b7d04bfb71e69

    • SHA1

      3f2fb337ca2f2686e55b985e1f4020e2273bc5a8

    • SHA256

      d480b6efcf1ccdc3a7cf4c1d22839e27e9701758b19c0a197b049b66bdcfe870

    • SHA512

      8e736a00b4077d32e11c6ae100d4148033c5b6bdbb2a874f707c3315db5ac61798cc310198aac97f4c29ae04f45d34e0a2d45a57cb43bd5536e7f3199add3e8c

    • SSDEEP

      49152:eo2sTMKEpK0Y6d84LE1pM5bK0dRfBp8N6eopiaj7EvwtCpLdiXr9fpJ2M67:l2sTMKEpK0Y6dTE1pM5bK0dRfBp8N6eL

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks