General

  • Target

    7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f

  • Size

    42KB

  • Sample

    221004-ffwncscghk

  • MD5

    44eb3d88f54f445d6896f99d23c055a9

  • SHA1

    4076dc5fff3f965a02e505dad1217cbba5717a7e

  • SHA256

    7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f

  • SHA512

    39b976bad403e2a1454d8273791e39533e91ef80753e0c2b5f41cef33e18f3d2d1c164077e9338b7c88cfd528cc00a390fc2f337a603a8f7959ba80bdde34037

  • SSDEEP

    768:gSz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D8888888888l:BzOCay4wV339rPjzbpLwRJ9pSdoII

Targets

    • Target

      7909d52b9e1870b13daa6435015b52c8a87f9c646c67d0dd9efbdf1e34dda90f

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
