General

  • Target

    cddcf3106618d72812eb917df1f5f2e70930ae2720c2d433181e61834ad5ed47

  • Size

    1.1MB

  • Sample

    221019-eycgrsefa2

  • MD5

    b26b60dd2f64de3dacbd2cf01092b4bc

  • SHA1

    1904dbe0b486113f0d2ac5b73910c47194b2f63c

  • SHA256

    cddcf3106618d72812eb917df1f5f2e70930ae2720c2d433181e61834ad5ed47

  • SHA512

    32e8b3e4088ba3c0459ed96d27b0a5ff959ea27c2bbee4ef2b8dec4dcf9b9826f0d4ac2b79b2a700176fc0eef5af3ee386b1b14b31231ff2231f91717bb0d558

  • SSDEEP

    6144:e98L598L598L598L598L598L598L598L598LP5MbkpV74MqzvUzH3GeHYwNpYvrY:lKKKKKKKK5VS6i+CpMtENe

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
