Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4.exe

  • Size

    1.2MB

  • Sample

    221016-h7mkwahah9

  • MD5

    a36815cebb90bdd7fa089e352653c453

  • SHA1

    550ac30c3b1d84bd0860ce1fab40121b6efa5ae6

  • SHA256

    8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4

  • SHA512

    71655a3f1d5a4ee6f3e258d2f4f2356e1d91bfd96aff9e060cffdfb3e6359e4e521881534a381d3e37a8b5d37ea31f4aa21d31fb274cbf89f7016475f824479d

  • SSDEEP

    24576:lKKKKKKKKKKKKut89TMFZ2qrQHTdocJVZUrK2MtENe:Ut89TMn24QHTdRJVZUrK2MtENe

Malware Config

Targets

    • Target

      8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4.exe

    • Size

      1.2MB

    • MD5

      a36815cebb90bdd7fa089e352653c453

    • SHA1

      550ac30c3b1d84bd0860ce1fab40121b6efa5ae6

    • SHA256

      8190b1e77f9e7b16db8e97ec8311affb789ac369d0d92c158b5b3b77e79e83d4

    • SHA512

      71655a3f1d5a4ee6f3e258d2f4f2356e1d91bfd96aff9e060cffdfb3e6359e4e521881534a381d3e37a8b5d37ea31f4aa21d31fb274cbf89f7016475f824479d

    • SSDEEP

      24576:lKKKKKKKKKKKKut89TMFZ2qrQHTdocJVZUrK2MtENe:Ut89TMn24QHTdRJVZUrK2MtENe

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks