General

  • Target

    9dccc37950a931f71fa882637bae0a24433ed442735041a34aae64180390ea14

  • Size

    1.3MB

  • Sample

    241013-k85tystcqm

  • MD5

    1bbf95a7df851e922b359f8b27b12a48

  • SHA1

    8b1fd38c50ccadb7af35b6d00dd5ab47285808d7

  • SHA256

    9dccc37950a931f71fa882637bae0a24433ed442735041a34aae64180390ea14

  • SHA512

    6f0700adcf29422f56fb895e2b4bef25b3b00883db242af0e7e245425462e08c008b1fa79be4531534f6041b3266655f02ed35553305f4683fa3db8cf24a359f

  • SSDEEP

    24576:e3NYUR5kbjnCciOinOjLldsBjt8t2R8jpfZIg4mw6Ns/pZmBZOlnLyAuvTkM0XMA:edYGILDcO/fsBmLjRw6qpZmBZWyLaXMA

Targets

    • Target

      9dccc37950a931f71fa882637bae0a24433ed442735041a34aae64180390ea14

    • Drops file in Drivers directory

      Writes a file into the Windows drivers directory (System32\drivers), a location normally reserved for kernel drivers.

    • Deletes itself

      Removes its own executable from disk after running, which hinders later collection of the sample.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched again at the next logon (persistence).

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • System Binary Proxy Execution: Rundll32

      Abuses the signed Windows binary rundll32.exe to proxy execution of malicious code (ATT&CK T1218.011).

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive.
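The signatures above are each a rule over sandbox events (file writes, registry reads, process creation). The following added example, which is not tria.ge's own detection code, shows how such rules look when written out: it walks a trace of events in a hypothetical schema (file_write/file_read/file_delete/reg_query/process_create/image_load dicts, an assumption of this example) and reports which of the report's signatures fire. The trace, the paths and the registry key value are constructed for the example, not taken from this sample's run.

```python
import re
from collections import defaultdict

# Constructed event schema for this example (not tria.ge's own format):
#   file_write / file_read / file_delete : {"op", "path"}
#   reg_query                            : {"op", "key"}
#   process_create                       : {"op", "image", "cmdline"}
#   image_load                           : {"op", "path"}
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
DRIVERS_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
BROWSER_PROFILE = re.compile(r"\\(Google\\Chrome\\User Data|Mozilla\\Firefox\\Profiles)\\", re.I)
RUNDLL32 = re.compile(r"(^|\\)rundll32\.exe$", re.I)


def match_signatures(events, sample_path):
    """Map a sequence of sandbox events to the behaviour signatures of the report.

    Returns {signature name: [supporting event detail, ...]}. Files written by the
    sample are remembered so that later execution or loading of them is flagged.
    """
    hits = defaultdict(list)
    dropped = set()
    sample = sample_path.lower()
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            path = ev["path"]
            dropped.add(path.lower())
            if DRIVERS_DIR.search(path):
                hits["Drops file in Drivers directory"].append(path)
            if STARTUP_DIR.search(path):
                hits["Drops startup file"].append(path)
        elif op == "file_read":
            path = ev["path"]
            if BROWSER_PROFILE.search(path):
                hits["Reads user/profile data of web browsers"].append(path)
            m = DRIVE_ROOT.match(path)
            if m and m.group(1).upper() != "C":  # the default C: drive does not count
                hits["Enumerates connected drives"].append(path)
        elif op == "file_delete":
            if ev["path"].lower() == sample:
                hits["Deletes itself"].append(ev["path"])
        elif op == "reg_query":
            if UNINSTALL_KEY.search(ev["key"]):
                hits["Checks installed software on the system"].append(ev["key"])
        elif op == "process_create":
            image = ev["image"]
            if RUNDLL32.search(image):
                hits["System Binary Proxy Execution: Rundll32"].append(ev.get("cmdline", image))
            if image.lower() in dropped:
                hits["Executes dropped EXE"].append(image)
        elif op == "image_load":
            path = ev["path"]
            if path.lower() in dropped and path.lower().endswith(".dll"):
                hits["Loads dropped DLL"].append(path)
    return dict(hits)


# Constructed sample trace (hypothetical paths, not taken from the report).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
STARTUP = r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
SAMPLE_EVENTS = [
    {"op": "file_write", "path": r"C:\Windows\System32\drivers\svcupd.sys"},
    {"op": "file_write", "path": STARTUP},
    {"op": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "reg_query", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{example-guid}"},
    {"op": "file_read", "path": "C:\\"},   # default drive: must not trigger
    {"op": "file_read", "path": "D:\\"},
    {"op": "file_read", "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "process_create", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\helper.dll,Start"},
    {"op": "image_load", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "process_create", "image": STARTUP},
    {"op": "file_delete", "path": SAMPLE_PATH},
]

if __name__ == "__main__":
    for name, details in match_signatures(SAMPLE_EVENTS, SAMPLE_PATH).items():
        print(f"{name}: {details}")
```

Running the block against the constructed trace fires all nine signatures listed for this target; the read of the C: root is deliberately excluded, mirroring the "other than the default C: drive" wording of the report. Real sandbox traces carry many more event types and the dropped-file tracking would need to follow renames and copies as well.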

MITRE ATT&CK Enterprise v15