General

  • Target

    c0454123be71623cf0f54d69931613db919f4dcbe40f1ff0fa66e8d77fe5e215

  • Size

    499KB

  • Sample

    221002-ya661shdfp

  • MD5

    64e832aaf4aa94bfb4b06da5d0caadb0

  • SHA1

    267e7c0fd1c010dfb9df69afef0a7d3bd2814b21

  • SHA256

    c0454123be71623cf0f54d69931613db919f4dcbe40f1ff0fa66e8d77fe5e215

  • SHA512

    7905b6fec216f8480658a8a1990e1d4b5955dd85c4827a01508fda111a5a3b065df5cf0b5bb5418b3828691d35f79d680d5b54298394897ab906d5eaf1e66b2e

  • SSDEEP

    12288:r7Ft+KGGOznJDlXmEUchDVz9d9YUTckKjkGso:EDWEUcFnd9DT2J

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory
