General

  • Target

    a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5.exe

  • Size

    584KB

  • Sample

    221016-rjbyxahfd6

  • MD5

    497442b4fe86a26cfcde5c17caaa10f4

  • SHA1

    00ce115e8c2b2e2b9b45aa73fcedebd7a32ef427

  • SHA256

    a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5

  • SHA512

    bd61c707af52d424a3386af4097ed35b32d4ca23ae29aa4409921bdf6a612ecd0805842a75f8d8ac630c69cddac5e2692f45dbf54eaab782c3bce7d5bb9a012e

  • SSDEEP

    1536:ra98My3ia98My3ia98My3ia98My3ia98M:e98My3598My3598My3598My3598M

Malware Config

Targets

    • Target

      a6a1d04d273f6e0a698a5adc0791a2e852e1d263d7e4b8f87f534d3861cb98c5.exe

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks