General

  • Target

    e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f

  • Size

    542KB

  • Sample

    221030-cktssahbdq

  • MD5

    8474d3bfa94cf0503791e95995d5ed90

  • SHA1

    c6f2268051897fc2d870001f1a9cc07ebfa14a59

  • SHA256

    e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f

  • SHA512

    969f212c08a6688082505b6c7b85ccbff07737ff89f767f7c587e2f4db9ba009fc9c1d67b8c8fa35826cede1791d338f8c9d69c32793cb203cf8aa70c8f17fa4

  • SSDEEP

    12288:a5ZPbEtyeBMBukT+68lEeQOX/Y6TP6oC1Y0+J52IiyXTNug4ZmZTHRvHws8qaZEP:a5ZQtXBW7y3lTNvYaMKfn2FugDAFVHww

Malware Config

Targets

    • Target

      e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f

    • Size

      542KB

    • MD5

      8474d3bfa94cf0503791e95995d5ed90

    • SHA1

      c6f2268051897fc2d870001f1a9cc07ebfa14a59

    • SHA256

      e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f

    • SHA512

      969f212c08a6688082505b6c7b85ccbff07737ff89f767f7c587e2f4db9ba009fc9c1d67b8c8fa35826cede1791d338f8c9d69c32793cb203cf8aa70c8f17fa4

    • SSDEEP

      12288:a5ZPbEtyeBMBukT+68lEeQOX/Y6TP6oC1Y0+J52IiyXTNug4ZmZTHRvHws8qaZEP:a5ZQtXBW7y3lTNvYaMKfn2FugDAFVHww

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks