General

  • Target

    67ba8edef1ff3b36f261f16f311956aa2d03ad35941cc31691f2e6dd12a5f7ef

  • Size

    16.1MB

  • Sample

    221027-m39basbhgp

  • MD5

    876e7b5e86ff0223a0c3500d7f7239c0

  • SHA1

    d3b5feeb45a482af12bcf9ecae72be0750e7f953

  • SHA256

    67ba8edef1ff3b36f261f16f311956aa2d03ad35941cc31691f2e6dd12a5f7ef

  • SHA512

    9fca2d618366c9712f76ef4524e4c3275be26a7349f0143c4dc281feacd2cf34f7f4f8236405475a182e3989c3ae82342b1c793c3231c3277d53d24f5f2192d8

  • SSDEEP

    393216:wPnF0gSwwQHg8TPUQfJXZ7JwD2nOMI9ZHA7:wPnFjksJXZsMIH6

Malware Config

Targets

    • Target

      67ba8edef1ff3b36f261f16f311956aa2d03ad35941cc31691f2e6dd12a5f7ef

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
