Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
123.exe
-
Size
7.4MB
-
Sample
240921-xxe6dayfpp
-
MD5
b8b77a6a36e3af400fa62e30e75f68ac
-
SHA1
02382001c893096df7159bc951dd181359dcd4bf
-
SHA256
1a82bb33f6a785b9d274b289ecb970089381afb9648338f478204ad0cc80f7fa
-
SHA512
6e20453aff2fd5f589e474218b08da17a22445028a8ef367125e353a99c3bc5737dece41c51a61651d84817490656f18f4adb90f97762f0c979e00779ce9d299
-
SSDEEP
98304:/VSi8x9XQsaiurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EAKhOC11Q:/kP9VaiurErvI9pWjgfPvzm6gsFE14Ay
Behavioral task
behavioral1
Sample
123.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
123.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
123.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
123.exe
-
Size
7.4MB
-
MD5
b8b77a6a36e3af400fa62e30e75f68ac
-
SHA1
02382001c893096df7159bc951dd181359dcd4bf
-
SHA256
1a82bb33f6a785b9d274b289ecb970089381afb9648338f478204ad0cc80f7fa
-
SHA512
6e20453aff2fd5f589e474218b08da17a22445028a8ef367125e353a99c3bc5737dece41c51a61651d84817490656f18f4adb90f97762f0c979e00779ce9d299
-
SSDEEP
98304:/VSi8x9XQsaiurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EAKhOC11Q:/kP9VaiurErvI9pWjgfPvzm6gsFE14Ay
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3