Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3c9b40c1ee18d13dda9c2fee53ff24f1877c413505b1764769dd4524b9e825e7
-
Size
7.3MB
-
Sample
240914-eqvndawcrr
-
MD5
9ca8e1bb266f57df5c0ad97a693fc7f4
-
SHA1
e3f0768fa6f2684a6a1c98d6b44571bf28bb63ee
-
SHA256
3c9b40c1ee18d13dda9c2fee53ff24f1877c413505b1764769dd4524b9e825e7
-
SHA512
20eb49473905db02faa86e24b75083fdd35beeead47185b4a6f2d6df656abdfb3dd7a7564bcbafc5f8b7b57e6c75cd63f5d3b657aad090cdc7ec4cae14b42488
-
SSDEEP
196608:91OR9yfMNJbL67/vgZc8I03t+Vuq7X0CaPok+M8m8mzDOCp2/sIZy:3Oek7q7/vURlgwq7aPinCg/sIZy
Malware Config
Targets
-
-
Target
3c9b40c1ee18d13dda9c2fee53ff24f1877c413505b1764769dd4524b9e825e7
-
Size
7.3MB
-
MD5
9ca8e1bb266f57df5c0ad97a693fc7f4
-
SHA1
e3f0768fa6f2684a6a1c98d6b44571bf28bb63ee
-
SHA256
3c9b40c1ee18d13dda9c2fee53ff24f1877c413505b1764769dd4524b9e825e7
-
SHA512
20eb49473905db02faa86e24b75083fdd35beeead47185b4a6f2d6df656abdfb3dd7a7564bcbafc5f8b7b57e6c75cd63f5d3b657aad090cdc7ec4cae14b42488
-
SSDEEP
196608:91OR9yfMNJbL67/vgZc8I03t+Vuq7X0CaPok+M8m8mzDOCp2/sIZy:3Oek7q7/vURlgwq7aPinCg/sIZy
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-