General

  • Target

    ef086cde35616e48437ed4c56b27323b85046382adf50f4a03c1ef5740df9f27

  • Size

    943KB

  • Sample

    221017-r11nlaccdn

  • MD5

    fd80ca0670b116de39cf05e7e727f211

  • SHA1

    31f6514f133ac264843a05783bfb85674bc54aae

  • SHA256

    ef086cde35616e48437ed4c56b27323b85046382adf50f4a03c1ef5740df9f27

  • SHA512

    82170894116cdc09736810a25dde42c70da3a695916659eb82c6c6468a94495fa14e98877f271f5228a22a97de31ed44268a659f991dbb63ef5fcb4fe46e496c

  • SSDEEP

    12288:lKKKKKuC0i1esXq4cQmmTsG0OzSDWeVJDFUcPXCk3McMyFNJGYBYsY3NvGPiveO2:lKKKKKsxr4cQFTj0OZeVJ904Xppc0

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
