General

  • Target

    49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297

  • Size

    504KB

  • Sample

    221011-ntvxzscgcp

  • MD5

    63af7fee2f39d6064aa58cd616f97400

  • SHA1

    a82451a52cc6d59acc301c8dbd4f9c30c1884f4e

  • SHA256

    49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297

  • SHA512

    51471996cca503e9523dd084c65ba0c9a431c0dd262ae1d60cb4214343e20bd4acbc7a4e9c8884c692a074113089c8cdaf5e7eedd267f1ebb90699f14a92a14e

  • SSDEEP

    12288:LFA01s79ob0Ux+DMzyAtP5Q5xEzCIyVHkZvFZT/jD5m69:nO9oAa9yV5xEzCXVHINZo69

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks