General

  • Target

    Built.exe

  • Size

    6.9MB

  • Sample

    241014-s1rw5asbkb

  • MD5

    66e88dc78d9c6525f7be9c474fa1bc25

  • SHA1

    d95abacea71522ad1b787f8a3447404276f6b79e

  • SHA256

    cbbccd19a4ac28994994dd8f115d602d17a0810fcd23f459b1ccadb60eb0dd75

  • SHA512

    a4b97fa724aa0addae0f2414427ba4cbf02b2957fc43a030f117efc1d46e35a5ba505fffbef8912ab21317e210ea764de564515c4755bf431cbd1f1bd79abbb7

  • SSDEEP

    98304:LeDjWM8JEE1rWamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYKJJcGhEIFWf:Le0PeNTfm/pf+xk4dWRptrbWOjgr

Malware Config

Targets

    • Target

      Built.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes so that the excluded items are no longer scanned.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies, session tokens and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Reads credentials that are stored in plain text in files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.
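The two signatures above, "Command and Scripting Interpreter: PowerShell" and "Obfuscated Files or Information: Command Obfuscation", describe a behaviour that is easy to hunt in process-creation telemetry. The following is an added example, not code from this report or from Triage: it flags PowerShell command lines that add Defender exclusions, first recovering the script behind -EncodedCommand (base64 of UTF-16LE) and stripping backtick escapes. The command lines it scans are constructed for the example and are not taken from this sample's run.

```python
"""Flag PowerShell command lines that add Windows Defender exclusions.

Added example: the command lines in SAMPLE_CMDLINES are constructed for this
demonstration and are not taken from the sandbox run.
"""
import base64
import re

# Cmdlets that change Defender preferences, and the three exclusion parameters
# the signature names. Matching is case-insensitive because PowerShell is.
MP_CMDLET_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
EXCLUSION_RE = re.compile(r"(?i)-Exclusion(Path|Extension|Process)\b")
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob; written so that
# -ExecutionPolicy and -ep do not match.
ENCODED_RE = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+['\"]?([A-Za-z0-9+/=]+)"
)


def encode_command(script: str) -> str:
    """Produce what PowerShell expects after -EncodedCommand: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the script hidden behind -EncodedCommand, or None if there is none."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    blob = m.group(1)
    blob += "=" * (-len(blob) % 4)          # PowerShell accepts unpadded base64
    try:
        return base64.b64decode(blob).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def deobfuscate(script: str) -> str:
    """Undo the cheapest PowerShell tricks: backtick escapes inside identifiers
    (Add-Mp`Preference) and runs of whitespace. String concatenation such as
    ('Add-Mp'+'Preference') is not handled here."""
    return re.sub(r"\s+", " ", script.replace("`", ""))


def defender_exclusions(cmdline: str) -> list:
    """Return the exclusion kinds (Extension/Path/Process) the command adds."""
    script = decode_encoded_command(cmdline) or cmdline
    script = deobfuscate(script)
    kinds = set()
    # Evaluate per statement so an exclusion parameter only counts when it
    # belongs to an Add-/Set-MpPreference call.
    for stmt in re.split(r"[;|]", script):
        if MP_CMDLET_RE.search(stmt):
            kinds.update(m.group(1).capitalize() for m in EXCLUSION_RE.finditer(stmt))
    return sorted(kinds)


def scan(cmdlines) -> list:
    """Return (cmdline, kinds) for every command line that adds an exclusion."""
    hits = []
    for line in cmdlines:
        kinds = defender_exclusions(line)
        if kinds:
            hits.append((line, kinds))
    return hits


SAMPLE_CMDLINES = [  # constructed for the example, not from the sandbox run
    'powershell.exe -NoProfile -Command "Add-MpPreference -ExclusionExtension .exe -ExclusionPath C:\\ProgramData"',
    # Defender tampering too, but not an exclusion: deliberately not matched here.
    "powershell -w hidden -ep bypass -c Set-MpPreference -DisableRealtimeMonitoring $true",
    "powershell -enc " + encode_command("Add-Mp`Preference -ExclusionProcess Built.exe"),
    "cmd.exe /c tasklist",
]

if __name__ == "__main__":
    for line, kinds in scan(SAMPLE_CMDLINES):
        print(kinds, line[:70])
```

The per-statement split matters: a benign script that merely mentions -ExclusionPath in a comment or a Get-MpPreference call should not fire. Concatenation and format-string obfuscation are left for a real PowerShell tokenizer or for Script Block Logging (event 4104), which records the de-obfuscated script as it runs.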
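For the "UPX packed file" signature, an added example (not Triage's detection logic and not code from this report) that parses the PE section table in pure Python and reports the usual UPX tells: UPX-named sections, the "UPX!" marker string, an empty first section that the stub decompresses into, and a high-entropy section. The last two survive the renaming and marker-stripping that modified UPX builds do. The PE images it checks are constructed inside the block; the sample whose hashes appear above is not read.

```python
"""Heuristic UPX detection from PE section headers.

Added example: the PE images below are constructed by build_pe() for the
demonstration; no real binary is read.
"""
import math
import random
import struct
from collections import Counter

OPT_HDR_SIZE = 0xE0   # PE32 optional header size
FILE_ALIGN = 0x200


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def pe_sections(data: bytes) -> list:
    """Parse the section table of a PE image without an external library."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": shannon_entropy(data[rptr:rptr + rsize]),
        })
    return sections


def upx_indicators(data: bytes) -> list:
    """Return the UPX tells found; an empty list means nothing suspicious."""
    secs = pe_sections(data)
    reasons = []
    if any(s["name"].upper().startswith("UPX") for s in secs):
        reasons.append("UPX-named sections")
    if b"UPX!" in data:
        reasons.append("'UPX!' marker string")
    # Stock and modified UPX alike leave the first section empty on disk and
    # large in memory: the stub in the next section decompresses into it.
    if len(secs) >= 2 and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0:
        reasons.append("empty first section used as unpack target")
    if any(s["entropy"] > 7.0 for s in secs if s["raw_size"] >= 0x1000):
        reasons.append("high-entropy section (compressed payload)")
    return reasons


def looks_upx_packed(data: bytes) -> bool:
    return len(upx_indicators(data)) >= 2


def build_pe(sections) -> bytes:
    """Construct a minimal PE32 image from (name, virtual_size, raw_bytes) tuples."""
    n = len(sections)
    hdr_len = 0x40 + 4 + 20 + OPT_HDR_SIZE + 40 * n
    hdr_len = -(-hdr_len // FILE_ALIGN) * FILE_ALIGN
    headers, payload, raw_off = [], b"", hdr_len
    for name, vsize, raw in sections:
        headers.append(struct.pack(
            "<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"), vsize, 0,
            len(raw), raw_off if raw else 0, 0, 0, 0, 0, 0xE0000020))
        padded = raw.ljust(-(-len(raw) // FILE_ALIGN) * FILE_ALIGN, b"\0")
        payload += padded
        raw_off += len(padded)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, OPT_HDR_SIZE, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(OPT_HDR_SIZE, b"\0")
    image = (dos + b"PE\0\0" + coff + opt + b"".join(headers)).ljust(hdr_len, b"\0")
    return image + payload


_rng = random.Random(20241014)   # deterministic stand-in for compressed bytes
PACKED_SAMPLE = build_pe([       # constructed: stock UPX layout
    ("UPX0", 0x20000, b""),
    ("UPX1", 0x9000, _rng.randbytes(0x8000)),
    (".rsrc", 0x400, b"UPX!" + b"\0" * 0x3FC),
])
RENAMED_SAMPLE = build_pe([      # constructed: modified UPX, names and marker removed
    (".text", 0x20000, b""),
    (".data", 0x9000, _rng.randbytes(0x8000)),
    (".rsrc", 0x400, b"\0" * 0x400),
])
CLEAN_SAMPLE = build_pe([        # constructed: ordinary unpacked layout
    (".text", 0x1000, b"\x90" * 0x1000),
    (".data", 0x200, b"\0" * 0x200),
])

if __name__ == "__main__":
    for label, img in [("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        print(label, looks_upx_packed(img), upx_indicators(img))
```

Treat the result as a triage hint, not a verdict: high entropy also comes from embedded encrypted resources or other packers, and a sample that trips only the name check may be a decoy. Unpacking (upx -d for stock builds, memory dump at the original entry point otherwise) is what makes the stealer code itself analysable.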

MITRE ATT&CK Enterprise v15

Tasks