General

  • Target

    3c9b40c1ee18d13dda9c2fee53ff24f1877c413505b1764769dd4524b9e825e7

  • Size

    7.3MB

  • Sample

    240914-eqvndawcrr

  • MD5

    9ca8e1bb266f57df5c0ad97a693fc7f4

  • SHA1

    e3f0768fa6f2684a6a1c98d6b44571bf28bb63ee

  • SHA256

    3c9b40c1ee18d13dda9c2fee53ff24f1877c413505b1764769dd4524b9e825e7

  • SHA512

    20eb49473905db02faa86e24b75083fdd35beeead47185b4a6f2d6df656abdfb3dd7a7564bcbafc5f8b7b57e6c75cd63f5d3b657aad090cdc7ec4cae14b42488

  • SSDEEP

    196608:91OR9yfMNJbL67/vgZc8I03t+Vuq7X0CaPok+M8m8mzDOCp2/sIZy:3Oek7q7/vURlgwq7aPinCg/sIZy

Malware Config

Targets

    • Target

      3c9b40c1ee18d13dda9c2fee53ff24f1877c413505b1764769dd4524b9e825e7

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15