Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c0454123be71623cf0f54d69931613db919f4dcbe40f1ff0fa66e8d77fe5e215
-
Size
499KB
-
Sample
221002-ya661shdfp
-
MD5
64e832aaf4aa94bfb4b06da5d0caadb0
-
SHA1
267e7c0fd1c010dfb9df69afef0a7d3bd2814b21
-
SHA256
c0454123be71623cf0f54d69931613db919f4dcbe40f1ff0fa66e8d77fe5e215
-
SHA512
7905b6fec216f8480658a8a1990e1d4b5955dd85c4827a01508fda111a5a3b065df5cf0b5bb5418b3828691d35f79d680d5b54298394897ab906d5eaf1e66b2e
-
SSDEEP
12288:r7Ft+KGGOznJDlXmEUchDVz9d9YUTckKjkGso:EDWEUcFnd9DT2J
Malware Config
Targets
-
-
Target
c0454123be71623cf0f54d69931613db919f4dcbe40f1ff0fa66e8d77fe5e215
-
Size
499KB
-
MD5
64e832aaf4aa94bfb4b06da5d0caadb0
-
SHA1
267e7c0fd1c010dfb9df69afef0a7d3bd2814b21
-
SHA256
c0454123be71623cf0f54d69931613db919f4dcbe40f1ff0fa66e8d77fe5e215
-
SHA512
7905b6fec216f8480658a8a1990e1d4b5955dd85c4827a01508fda111a5a3b065df5cf0b5bb5418b3828691d35f79d680d5b54298394897ab906d5eaf1e66b2e
-
SSDEEP
12288:r7Ft+KGGOznJDlXmEUchDVz9d9YUTckKjkGso:EDWEUcFnd9DT2J
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-