General

  • Target

    22f776e408322da328270dfaa26f597fed8bdaeb1a0c6bb02d528ab3f9b14020N

  • Size

    2.3MB

  • Sample

    240921-ayl9rawhjd

  • MD5

    e9c005cc7665fc55216828c6990dbb00

  • SHA1

    85e65ce913daf5b8a020e6d5fc893f6d11aea628

  • SHA256

    22f776e408322da328270dfaa26f597fed8bdaeb1a0c6bb02d528ab3f9b14020

  • SHA512

    4bc413a4722bbf0337dc9aebad025aa222c0f61f8e5d24d651e802580b0e838bca534665493dc2f4c2b17b7c575da3e1467a6c59921ec652d6e9a9babee08eea

  • SSDEEP

    49152:Yjvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:YrkI9rSjA5aDo73pzF2bz3p9y4HgIoov

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
