General

  • Target

    7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01aN

  • Size

    2.4MB

  • Sample

    240927-1vwl5a1hkr

  • MD5

    18a30dc10b5ec40019b53ba5c5170dd0

  • SHA1

    a48365f3f9d8cfb5279bbeb58fb7fd652a662503

  • SHA256

    7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01a

  • SHA512

    63977dae26929f09adb4a4c8bb1cb8710a4e79be058d4f286c027b4c27c3c1e4771db73a3ef259b55a902861726f0096f9ad0ad0b48291a24b51e887566caa9f

  • SSDEEP

    49152:GR/laMbYAp7s5nceEv7MuGOe4jPyTmE7ZIIKR01GSM8prnoo:GRNvpAceMjGL4jaCE7ZGCxh
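
As an added check that is not part of the tria.ge report: before trusting the behaviours it records, confirm that the copy of the sample you hold produces the same digests, and that the target name is the SHA256 with a suffix (as it is in this report). The digest values below are copied from the report; `check_file` and the chunk size are this example's own choices.

```python
import hashlib

# Digests copied from the tria.ge report above; the target name in this
# report is the SHA256 followed by "N".
REPORT_DIGESTS = {
    "md5": "18a30dc10b5ec40019b53ba5c5170dd0",
    "sha1": "a48365f3f9d8cfb5279bbeb58fb7fd652a662503",
    "sha256": "7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01a",
    "sha512": "63977dae26929f09adb4a4c8bb1cb8710a4e79be058d4f286c027b4c27c3c1e4771db73a3ef259b55a902861726f0096f9ad0ad0b48291a24b51e887566caa9f",
}
REPORT_TARGET = "7748a7a6393fc9998d98fefcda3c23e4c313067f50f3965c20992b3daba0d01aN"


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists in a single pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    view = memoryview(data)
    chunk_size = 1 << 20  # 1 MiB chunks so large samples are not re-read per algorithm (assumed size)
    for i in range(0, len(view), chunk_size):
        chunk = view[i:i + chunk_size]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data: bytes, expected: dict = REPORT_DIGESTS) -> dict:
    """Return {algorithm: bool} comparing computed digests against the expected ones."""
    actual = digests(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def target_matches_sha256(target: str, sha256: str) -> bool:
    """The report names the target as its SHA256 plus a suffix; check that prefix."""
    return target.lower().startswith(sha256.lower())


def check_file(path: str) -> bool:
    """Read a local copy of the sample and report whether every digest matches."""
    with open(path, "rb") as f:
        data = f.read()
    results = verify(data)
    for name, ok in results.items():
        print(f"{name:6s} {'OK' if ok else 'MISMATCH'}")
    return all(results.values())


if __name__ == "__main__":
    import sys
    sys.exit(0 if check_file(sys.argv[1]) else 1)
```

Run it as `python verify_sample.py <path-to-sample>`; a non-zero exit means at least one digest differs and the behaviours in the report should not be assumed to apply to your file. The SSDEEP value is a fuzzy hash and needs the `ssdeep` binding to compare, so it is left out of the exact-match check.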

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Static packer-signature match for the ACProtect 1.3x - 1.4x protector: the executable is packed, so static analysis needs the unpacked payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data such as saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class (0x11), which stops an attached debugger from receiving events for that thread; a common anti-analysis technique.
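
The behaviours above are sandbox signatures: each fires on a particular file, registry, process or API event. As an added illustration, not tria.ge's own rule engine, here is a small Python evaluator that applies rules modelled on those signatures to a constructed event stream. The event schema, the file paths, the registry keys (in particular using `MountedDevices` as the "drive map" key) and the browser-artifact names are this example's assumptions; the ThreadHideFromDebugger class value 0x11 is the documented constant. The ACProtect signature is a static match and is not modelled here.

```python
import re

# Constructed sandbox-style event stream (not tria.ge output). Paths and keys
# are illustrative of what the listed behavioural signatures key on.
SAMPLE_EVENTS = [
    {"type": "file_write", "path": "C:\\Windows\\System32\\drivers\\netfltr.sys"},
    {"type": "file_write", "path": "C:\\Windows\\System32\\helper.dll"},
    {"type": "file_write", "path": "C:\\Users\\Public\\update.exe"},
    {"type": "image_load", "path": "C:\\Windows\\System32\\helper.dll"},
    {"type": "proc_create", "image": "C:\\Users\\Public\\update.exe"},
    {"type": "file_read", "path": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"type": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Updater"},
    {"type": "file_open", "path": "D:\\"},
    {"type": "reg_read", "key": "HKLM\\SYSTEM\\MountedDevices"},  # assumed key for the drive-map rule
    {"type": "api", "name": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
]

# Rule patterns (assumptions chosen for this example).
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
DRIVERS = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?$", re.I)
BROWSER_DATA = re.compile(r"\\(login data|cookies|web data|local state|logins\.json|key4\.db)$", re.I)
NON_C_ROOT = re.compile(r"^[abd-z]:\\$", re.I)      # root of any drive other than C:
MOUNTED_DEVICES = re.compile(r"\\mounteddevices$", re.I)
THREAD_HIDE_FROM_DEBUGGER = 0x11                    # THREADINFOCLASS value


def evaluate(events):
    """Return the sorted list of signature names triggered by the event stream."""
    hits = set()
    dropped = set()  # lower-cased paths written by the sample, for the "dropped" rules
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"]
            dropped.add(path.lower())
            if DRIVERS.search(path):
                hits.add("Drops file in Drivers directory")
            if SYSTEM32.search(path):
                hits.add("Drops file in System32 directory")
        elif kind == "proc_create" and ev["image"].lower() in dropped:
            hits.add("Executes dropped EXE")
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits.add("Loads dropped DLL")
        elif kind in ("file_read", "file_open"):
            path = ev["path"]
            if BROWSER_DATA.search(path):
                hits.add("Reads user/profile data of web browsers")
            if NON_C_ROOT.match(path):
                hits.add("Enumerates connected drives")
        elif kind == "reg_set" and RUN_KEY.search(ev["key"]):
            hits.add("Adds Run key to start application")
        elif kind == "reg_read" and MOUNTED_DEVICES.search(ev["key"]):
            hits.add("Maps connected drives based on registry")
        elif (kind == "api" and ev["name"] == "NtSetInformationThread"
              and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return sorted(hits)


if __name__ == "__main__":
    for name in evaluate(SAMPLE_EVENTS):
        print(name)
```

Two design points carry over to real triage: the "dropped" rules are stateful (a process start or image load only counts if the path was written earlier in the same trace), and a driver drop also satisfies the System32 rule, which is why both appear in the report for one write.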
