General

  • Target

    fdaf0c004606521918d2dd481ef53c276ae151c0d452e38053b53d80282abd56

  • Size

    509KB

  • Sample

    221003-xbvzpsbbc7

  • MD5

    56e52149b4259610a4d13d8b5d5eebc0

  • SHA1

    0d5ef726dc70c2042d40eab6fc9a0190277e7b4b

  • SHA256

    fdaf0c004606521918d2dd481ef53c276ae151c0d452e38053b53d80282abd56

  • SHA512

    e3d99ac7f93196eddfd16dd2e321cbd21b2f506c467fbc16467de1172fb8fabc43058542899150d20880a94d4be8c06c203f4e85bd5dca2033773e9e772a8299

  • SSDEEP

    12288:gbXvc2NgoQLebpdCxYIROscqKHmRMX+X1yEwYQg:2fyqpdMYIqHsMaEEwYQg

Malware Config

Targets

    • Target

      fdaf0c004606521918d2dd481ef53c276ae151c0d452e38053b53d80282abd56

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Drops file in System32 directory
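
The signatures above are inferred from the sample's registry, file and process activity during the run. As an added example (not tria.ge's own detection code), the Python below shows how a trace of such events can be mapped onto these exact signature names, including the stateful ones (a dropped file that is later executed or loaded) and the ransomware heuristic (many user documents renamed to one new extension). The event format, the registry values and browser profile paths used as evidence, the two UAC auto-elevation hijack keys (the report does not say which bypass this sample used) and the rename threshold are assumptions of this example, and the event trace is constructed, not taken from this report.

```python
"""Map a sandbox event trace onto the behaviour signatures listed in this report.
Added example, not tria.ge code; event schema and evidence paths are assumptions."""
import ntpath
import re
from collections import Counter

SIGNATURES = (
    "Modifies visibility of file extensions in Explorer", "UAC bypass",
    "Executes dropped EXE", "Modifies extensions of user files",
    "Checks computer location settings", "Loads dropped DLL",
    "Reads user/profile data of web browsers", "Adds Run key to start application",
    "Drops file in System32 directory",
)

def _norm(path):
    """Lower-case a registry path and strip the hive name and any HKU SID prefix."""
    p = path.lower().replace("/", "\\")
    p = re.sub(r"^(hkey_current_user|hkcu|hkey_local_machine|hklm|hkey_users|hku)\\", "", p)
    return re.sub(r"^s-1-5-[\d-]+\\", "", p)

RUN_KEYS = {r"software\microsoft\windows\currentversion\run",
            r"software\microsoft\windows\currentversion\runonce"}
HIDE_FILE_EXT = r"software\microsoft\windows\currentversion\explorer\advanced\hidefileext"
GEO_VALUES = {r"control panel\international\geo\nation",
              r"control panel\international\localename"}
# Well-known auto-elevation hijack points (fodhelper.exe / eventvwr.exe); assumed here.
UAC_HIJACK_KEYS = {r"software\classes\ms-settings\shell\open\command",
                   r"software\classes\mscfile\shell\open\command"}
BROWSER_DATA = ("\\google\\chrome\\user data\\", "\\mozilla\\firefox\\profiles\\",
                "\\microsoft\\edge\\user data\\")
USER_DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

def classify(events, min_renamed=5):
    """Return the set of signature names supported by the event list."""
    hits, dropped, new_exts = set(), set(), Counter()
    for ev in events:
        kind = ev["type"]
        if kind == "reg_set":
            key, val = _norm(ev["key"]), ev.get("value", "").lower()
            full = f"{key}\\{val}" if val else key
            if full == HIDE_FILE_EXT and str(ev.get("data")) == "1":
                hits.add("Modifies visibility of file extensions in Explorer")
            if key in RUN_KEYS:
                hits.add("Adds Run key to start application")
            if key in UAC_HIJACK_KEYS:
                hits.add("UAC bypass")
        elif kind == "reg_query":
            if _norm(ev["key"]) + "\\" + ev.get("value", "").lower() in GEO_VALUES:
                hits.add("Checks computer location settings")
        elif kind == "file_write":
            path = ev["path"].lower()
            dropped.add(path)                      # remember drops for later exec/load
            if path.startswith("c:\\windows\\system32\\"):
                hits.add("Drops file in System32 directory")
        elif kind == "file_read":
            if any(m in ev["path"].lower() for m in BROWSER_DATA):
                hits.add("Reads user/profile data of web browsers")
        elif kind == "file_rename":
            src_ext = ntpath.splitext(ev["src"].lower())[1]
            dst_ext = ntpath.splitext(ev["dst"].lower())[1]
            if src_ext in USER_DOC_EXTS and dst_ext != src_ext:
                new_exts[dst_ext] += 1             # count documents gaining a new extension
        elif kind == "proc_create" and ev["image"].lower() in dropped:
            hits.add("Executes dropped EXE")
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits.add("Loads dropped DLL")
    if new_exts and max(new_exts.values()) >= min_renamed:
        hits.add("Modifies extensions of user files")
    return hits

# Constructed event trace standing in for a sandbox run; not taken from this report.
SAMPLE_EVENTS = [
    {"type": "reg_query", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "HideFileExt", "data": 1},
    {"type": "file_write", "path": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "file_write", "path": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"type": "file_write", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "proc_create", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "image_load", "path": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "reg_set", "key": r"HKCU\Software\Classes\ms-settings\shell\open\command",
     "value": "", "data": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "file_read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden", "data": 1},   # noise: a different Explorer setting, not a signature
] + [
    {"type": "file_rename", "src": rf"C:\Users\victim\Documents\file{i}.docx",
     "dst": rf"C:\Users\victim\Documents\file{i}.docx.locked"} for i in range(6)
]

if __name__ == "__main__":
    for name in sorted(classify(SAMPLE_EVENTS)):
        print(name)
```

The rename threshold is what separates a ransomware run from a user saving one file under a new name; tune `min_renamed` to the sandbox's seeded document count, and note that a real trace would also need the dropped-file set keyed on the writing process to avoid attributing another process's drops to the sample.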

MITRE ATT&CK Enterprise v6

Tasks