Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

2b6b234e2b...25.exe

windows7-x64

9

2b6b234e2b...25.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2b6b234e2b8ee0391bb7313b02066d4b706bd30c07ab0e2be6d688065d9ecc25

  • Size

    1.1MB

  • Sample

    221018-xnsecadac8

  • MD5

    e1880c5fb155a1b142e85603ca19c2e8

  • SHA1

    ef529508ab773d924178c5596f1a8e8b950715d6

  • SHA256

    2b6b234e2b8ee0391bb7313b02066d4b706bd30c07ab0e2be6d688065d9ecc25

  • SHA512

    4a5a86de697d071457e36d5fda4a110137f21d4ca887e86520cdac21a929ff23a35de54d543fc9698dad3badd70acc47ab137c734473687ef6802ddb77a9343e

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3:pjLuSh3

Score
9/10
ransomwarespywarestealer

Malware Config

Targets

    • Target

      2b6b234e2b8ee0391bb7313b02066d4b706bd30c07ab0e2be6d688065d9ecc25

    • Size

      1.1MB

    • MD5

      e1880c5fb155a1b142e85603ca19c2e8

    • SHA1

      ef529508ab773d924178c5596f1a8e8b950715d6

    • SHA256

      2b6b234e2b8ee0391bb7313b02066d4b706bd30c07ab0e2be6d688065d9ecc25

    • SHA512

      4a5a86de697d071457e36d5fda4a110137f21d4ca887e86520cdac21a929ff23a35de54d543fc9698dad3badd70acc47ab137c734473687ef6802ddb77a9343e

    • SSDEEP

      24576:lKKKKKKKKKKKKKKKKKKKKKKKKKN7ChBWMQ+uSJJd3:pjLuSh3

    Score
    9/10
    ransomwarespywarestealer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks