General

  • Target

    df7fdcd2f51e912ba1809f5a510b5caffdfa5eae4a856ecc439fec826649ef79

  • Size

    2.3MB

  • Sample

    240929-d9axmsydrj

  • MD5

    89700a493e3d5a783f11d8e7cff62701

  • SHA1

    f2d2bd9dffeccbdc6b7e5f0610f7a68cfd22ed03

  • SHA256

    df7fdcd2f51e912ba1809f5a510b5caffdfa5eae4a856ecc439fec826649ef79

  • SHA512

    9aaf677a229d4ca01eb4360f647e8b52e3bc5d7829605f129c8cf2c5b0446c88667c2291df7df72a39d5e6dc01a327bf2de59c66ab1fb37067b4c3d72e81ebd1

  • SSDEEP

    49152:ojvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:orkI9rSjA5aDo73pzF2bz3p9y4HgIoov

Malware Config

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks