General

  • Target

    875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3

  • Size

    802KB

  • Sample

    221017-d7pm1safdq

  • MD5

    1a22a2b8d17f7dfd3f0c8ef141dd0ff6

  • SHA1

    6eeb3d09498a31f908c47f31f85e143d515f2dee

  • SHA256

    875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3

  • SHA512

    eadfa47639cdd9d91126d4aa74093b6ac51735ed28694eb6e2b4b4bf764a4c066c469fa2081f493c4f05245dd62dbe51d65217a6de6f8649f7db1c9830761135

  • SSDEEP

    6144:e98L598LVjCHov2OU0fSvbSYPLi+Ll4nhOpamZqSntv:lKVjCIv2aavGYPLhVtntv

Targets

    • Target

      875d67fccf7cef85d20e5b07cb1c55d237da1866b6cb17e66c7af7ba6f0539e3

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
