General

  • Target

    WinSecurityUpdates.exe

  • Size

    14.0MB

  • Sample

    220926-dk4hnaachj

  • MD5

    81ec54952bb1f2d77755acc1c72a1022

  • SHA1

    f61fa40dd3b1b36f0ef08335653624a9cf0c0fe5

  • SHA256

    eea3cb397782654810eea1c7bfc350a5c4760b9ea776f08de36b8356a1a3c3a7

  • SHA512

    77d0fd17bb91ac80e747b62f177fe8d2c013a2c7d261ceca0d9738109fa8ef957c6e6e3014a8548da76aaddbf5154a277f529902a3cb05d5e8c128e8a26c7e72

  • SSDEEP

    393216:Ncfbl5euWkQSrstR9zCLFKoL205Suuy0kiOJitcCWRmmd:GfblqkrsX9OLF3L2ASuuy/iCo6Z

Targets

    • Target

      WinSecurityUpdates.exe

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Modifies Installed Components in the registry

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
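The signatures above are what the sandbox observed; on a live host or in a SIEM the same behaviours have to be recovered from endpoint telemetry. The script below is an added example (not tria.ge's detection code) that turns the report's signature labels into rules over Sysmon-style process, registry and file events. The event records are constructed for the example and are not telemetry captured from this sample; the registry GUID placeholder `{example}` and the file paths are hypothetical. File reads (browser profile data) and drive enumeration are not represented in this event shape and are deliberately left out.

```python
"""Map endpoint telemetry onto the behaviours the sandbox report flagged.

Added example, not tria.ge's code. SAMPLE_EVENTS are constructed
Sysmon-like records, not telemetry captured from the sample.
"""
import re

# Extensions we treat as "user files" when looking for ransomware renames (assumption).
USER_DOC_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

# Constructed events (hypothetical paths; not from the report).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "cmdline": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "cmdline": r"C:\Windows\System32\wbem\WMIC.exe shadowcopy delete"},
    {"type": "registry", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "data": "1"},
    {"type": "registry", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinSecurityUpdates",
     "data": r"C:\Users\victim\AppData\Roaming\WinSecurityUpdates.exe"},
    {"type": "registry", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "key": r"HKLM\Software\Microsoft\Active Setup\Installed Components\{example}\StubPath",
     "data": r"C:\Users\victim\AppData\Roaming\WinSecurityUpdates.exe"},
    {"type": "file_rename", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "src": r"C:\Users\victim\Documents\report.docx",
     "dst": r"C:\Users\victim\Documents\report.docx.locked"},
    {"type": "file_create", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "path": r"C:\Users\victim\Pictures\desktop.ini"},
    {"type": "file_create", "image": r"C:\Users\victim\WinSecurityUpdates.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    # Benign activity that must not fire.
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\victim\Documents\notes.txt"},
    {"type": "file_rename", "image": r"C:\Windows\explorer.exe",
     "src": r"C:\Users\victim\Documents\a.docx", "dst": r"C:\Users\victim\Documents\b.docx"},
]

SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.I)


def _ext(path):
    """Lower-case extension (with dot) of the last path component, or ''."""
    name = path.rsplit("\\", 1)[-1]
    i = name.rfind(".")
    return name[i:].lower() if i >= 0 else ""


def _user_file(path):
    return path.lower().startswith("c:\\users\\") and _ext(path) in USER_DOC_EXTS


# Each rule is (report signature label, predicate over one event).
RULES = [
    ("Deletes shadow copies",
     lambda e: e["type"] == "process" and bool(SHADOW_DELETE.search(e.get("cmdline", "")))),
    ("Disables Task Manager via registry modification",
     lambda e: e["type"] == "registry"
     and e["key"].lower().endswith("\\policies\\system\\disabletaskmgr")
     and e.get("data") == "1"),
    ("Adds Run key to start application",
     lambda e: e["type"] == "registry" and bool(RUN_KEY.search(e["key"]))),
    ("Modifies Installed Components in the registry",
     lambda e: e["type"] == "registry"
     and "\\active setup\\installed components\\" in e["key"].lower()),
    ("Modifies extensions of user files",
     lambda e: e["type"] == "file_rename" and _user_file(e["src"])
     and _ext(e["src"]) != _ext(e["dst"])),
    ("Drops desktop.ini file(s)",
     lambda e: e["type"] == "file_create"
     and e["path"].lower().startswith("c:\\users\\")
     and e["path"].lower().endswith("\\desktop.ini")),
    ("Drops startup file",
     lambda e: e["type"] == "file_create"
     and "\\start menu\\programs\\startup\\" in e["path"].lower()),
]


def triage(events):
    """Return one finding per (event, matching rule) with the responsible image."""
    findings = []
    for e in events:
        for label, pred in RULES:
            if pred(e):
                findings.append({"rule": label, "image": e.get("image"), "event": e})
    return findings


def summarize(findings):
    """Count findings per signature label, the same shape as the report's list."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for label, n in summarize(triage(SAMPLE_EVENTS)).items():
        print(f"{n}x {label}")
```

Two of the signatures fire on a single shadow-copy event each (vssadmin and WMIC), which is why a count rather than a boolean is kept per label: one ransomware run typically produces several inhibit-recovery attempts, and the image field lets you pivot from a finding back to the process that should be pulled for the hashes listed above.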
