General

  • Target: a01358fe1f0c3c812cdc508cb1c8cd882b8049ce779122db6c058e07e95faeff
  • Size: 538KB
  • Sample: 221002-ybxc7sfhe4
  • MD5: 6da893762cb4c1488709caad02f043d0
  • SHA1: a3b3a698892554cb0fc7bbab31aef011264c0a0b
  • SHA256: a01358fe1f0c3c812cdc508cb1c8cd882b8049ce779122db6c058e07e95faeff
  • SHA512: efe6e1f90b7a08d75d7d5ab38d53b303b0ca9680484868fbd4fe1ae75d417a0cc03f375b81ee89ac36d6f6162bb9292686675f55542a1ecead43139e548a9f79
  • SSDEEP: 12288:fHCXV0qw3XMpQYj1XacctPWYyOqWCNUyvrL:PJAQYjFaLFWYyN5L

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks