General

  • Target

    da36f22d5e3df8dd836dbbd71989f721d9b1feb751552a8d181ee22ceea0365f

  • Size

    53KB

  • Sample

    220211-g82kraddhq

  • MD5

    131bbc0b13531f2115cd7b1b3f48fc28

  • SHA1

    999a9d44da103a63ae072784af080f1b2c718fdf

  • SHA256

    da36f22d5e3df8dd836dbbd71989f721d9b1feb751552a8d181ee22ceea0365f

  • SHA512

    c5f7693370deca2542c5d212f3748251db6870009d5319b81a21b958afa10e2c8003ef847aedd6a9089696bf27a5f6397dbb442aad9a7ea662f8743dd13a0e7b

Malware Config

Targets

    • Target

      da36f22d5e3df8dd836dbbd71989f721d9b1feb751552a8d181ee22ceea0365f

    • Size

      53KB

    • MD5

      131bbc0b13531f2115cd7b1b3f48fc28

    • SHA1

      999a9d44da103a63ae072784af080f1b2c718fdf

    • SHA256

      da36f22d5e3df8dd836dbbd71989f721d9b1feb751552a8d181ee22ceea0365f

    • SHA512

      c5f7693370deca2542c5d212f3748251db6870009d5319b81a21b958afa10e2c8003ef847aedd6a9089696bf27a5f6397dbb442aad9a7ea662f8743dd13a0e7b

    • GlobeImposter

      GlobeImposter is a ransomware first seen in 2017.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)
