General

  • Target

    61b4067e5ad5b238bcdfe7b5315cea3c367c248a6e0d417c7e3e600f222324a4.exe

  • Size

    80KB

  • Sample

    221016-h5knhaghdq

  • MD5

    1eeb73808e0b05f9ab564a762e3587c5

  • SHA1

    65a36c44f6483666088d22651ab022890246ade0

  • SHA256

    61b4067e5ad5b238bcdfe7b5315cea3c367c248a6e0d417c7e3e600f222324a4

  • SHA512

    b8fa2d102bd5e583956a99b0761847a518bd87d7a712acde886763ee954628612404436978a0cac38ae25e6981f8112b007562ee4fe41e78bb641d51fc178606

  • SSDEEP

    1536:ra98My3ia98My3ia98My3ia98My3ia98My3ia98My3ia98My3ia98M:e98My3598My3598My3598My3598My35l

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
