General

  • Target

    f1e52eb601e94345dcc917a85f3b3a5f5bdded1f6863b5400b0a1164f7c87dbb

  • Size

    477KB

  • Sample

    221030-ckf7pahbcp

  • MD5

    93569aabb52abec7ae448ca5a22b2890

  • SHA1

    ccd0db3eb2a38643a7564624ca301147a88d1596

  • SHA256

    f1e52eb601e94345dcc917a85f3b3a5f5bdded1f6863b5400b0a1164f7c87dbb

  • SHA512

    d44939d36fa43d953a19139ef455dd8804e86f8d28aeba4fffd42b54d41d4a01fbd9c156b57460f2c44593bca0666c89a8a4c67f1f3594f77677618a9e985dc0

  • SSDEEP

    6144:VdQU83137Zb8Jf1oQv1/ZedhazxjADs/odyf7LNspiQV2pHvWdAcgzzMQhyN:VdQU83137KJfFZcMmI/iNMQV2lc0zMPN

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks