General
- Target: dbae7789d8691768e858795b66aaa050N
- Size: 485KB
- Sample: 240911-rm4s4avemq
- MD5: dbae7789d8691768e858795b66aaa050
- SHA1: e819a7aa96755b1a1be8f15d66d1fb7792849756
- SHA256: 2be6d9a6475fe4682237475de862c858040a11431c4327e1c141ef955f3cfaf8
- SHA512: 065af143db2aacf5b590525ef7a74fa03fc6d45a06bb789dc48f8b659aaf136abc8b68ebc2ca9a4dbd1b365fe44ae6b1647de56b38d717357276e5676dcf2a42
- SSDEEP: 12288:y+P0Rhc9iHfc1MUNheqhhRtzCUxIPeLBV9:y+PLo/+rHFxCUxI6
Static task
- static1
Behavioral task
- behavioral1
  - Sample: dbae7789d8691768e858795b66aaa050N.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: dbae7789d8691768e858795b66aaa050N.exe
  - Resource: win10v2004-20240802-en
Malware Config
Targets
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Detected Nirsoft tools
  Free utilities often used by attackers that can steal passwords, product keys, etc.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers.
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)