Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
WinSecurityUpdates.exe
-
Size
14.0MB
-
Sample
220926-dk4hnaachj
-
MD5
81ec54952bb1f2d77755acc1c72a1022
-
SHA1
f61fa40dd3b1b36f0ef08335653624a9cf0c0fe5
-
SHA256
eea3cb397782654810eea1c7bfc350a5c4760b9ea776f08de36b8356a1a3c3a7
-
SHA512
77d0fd17bb91ac80e747b62f177fe8d2c013a2c7d261ceca0d9738109fa8ef957c6e6e3014a8548da76aaddbf5154a277f529902a3cb05d5e8c128e8a26c7e72
-
SSDEEP
393216:Ncfbl5euWkQSrstR9zCLFKoL205Suuy0kiOJitcCWRmmd:GfblqkrsX9OLF3L2ASuuy/iCo6Z
Malware Config
Targets
-
-
Target
WinSecurityUpdates.exe
-
Size
14.0MB
-
MD5
81ec54952bb1f2d77755acc1c72a1022
-
SHA1
f61fa40dd3b1b36f0ef08335653624a9cf0c0fe5
-
SHA256
eea3cb397782654810eea1c7bfc350a5c4760b9ea776f08de36b8356a1a3c3a7
-
SHA512
77d0fd17bb91ac80e747b62f177fe8d2c013a2c7d261ceca0d9738109fa8ef957c6e6e3014a8548da76aaddbf5154a277f529902a3cb05d5e8c128e8a26c7e72
-
SSDEEP
393216:Ncfbl5euWkQSrstR9zCLFKoL205Suuy0kiOJitcCWRmmd:GfblqkrsX9OLF3L2ASuuy/iCo6Z
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-