General

  • Target

    df2aa1d6f25c273676a5e424286792c20bd3dec7096c8ac36143f018c66619dc

  • Size

    992KB

  • Sample

    221001-vy8g7sheel

  • MD5

    728c92b937610a7631c30e65b92f6790

  • SHA1

    47e9fd333ab90625cfcb5e7f9563a40bf8eda104

  • SHA256

    df2aa1d6f25c273676a5e424286792c20bd3dec7096c8ac36143f018c66619dc

  • SHA512

    af71486076d8f56c01d5d81b1f22df8b6081ec910b1a112fbd77e76c8b38b29ce31691627efb6bcde15e8917ced08c77b0de219d1136062742c16d36697e6a83

  • SSDEEP

    24576:jrxLy1t/JHIYIbwayccc5Yk1GRxVEvWEsEfB4:ZG1FJHIR15YkgnVEvsEfi

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks