Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    598e4f257c551a221153ca1eabd504fcb29c289472e8702df8e3ba30fc67bc28

  • Size

    440KB

  • Sample

    221121-lcr4nage61

  • MD5

    09de619027fb63f1ee959914d5997350

  • SHA1

    16fecfa6f2fd8bd80f2cb59111e389114d597cad

  • SHA256

    598e4f257c551a221153ca1eabd504fcb29c289472e8702df8e3ba30fc67bc28

  • SHA512

    fa608b175cda60ed2c39a528b86bd22766dcd02c41cfecc1c210b7769f742b39ad379af033b40d543f4c276cccb630e49945ba8716acca412a0af0dda8e7b936

  • SSDEEP

    12288:zVjiqDRCE+gcBeOR+0gbos+tZKS+l5270n:zYGQEeBl+1wl+

Malware Config

Targets

    • Target

      598e4f257c551a221153ca1eabd504fcb29c289472e8702df8e3ba30fc67bc28

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill data.

    • Adds Run key to start application

    • Drops file in System32 directory
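
The labels above are what the sandbox's behaviour signatures emitted; the raw events behind them are not on this page. To show how such labels are derived from telemetry, here is an added example (not code from the report or from Triage) that maps registry API trace records to the same label names. The record format (call|path|value type|data) and every trace line in it are constructed. The paths for the Explorer HideFileExt value, the Run keys and the Geo\Nation country code are the standard locations for those behaviours; the two UAC-bypass keys (the ms-settings and mscfile shell-handler hijacks) are an assumption, because the report only says "UAC bypass" and not which technique fired.

```python
"""Map registry API trace records to Triage-style behaviour labels.

Added example, not part of the report.  The trace below is constructed to
look like a sandbox API log (call|path|value type|data); the real sample's
trace is not on the page.
"""
import re

# (operation, path regex, label, required data or None).
# Paths are matched case-insensitively after normalise() shortens the hive.
# The two UAC-bypass rules are an assumption: the report does not say which
# bypass fired; these keys are the ms-settings (fodhelper) and mscfile
# (eventvwr) shell-handler hijacks commonly used from a medium-integrity process.
RULES = [
    ("SET", r"^HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt$",
     "Modifies visibility of file extensions in Explorer", "1"),
    ("SET", r"^(HKCU|HKLM)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$",
     "Adds Run key to start application", None),
    ("QUERY", r"^HKCU\\Control Panel\\International\\Geo\\Nation$",
     "Checks computer location settings", None),
    ("SET", r"^HKCU\\Software\\Classes\\ms-settings\\shell\\open\\command",
     "UAC bypass", None),
    ("SET", r"^HKCU\\Software\\Classes\\mscfile\\shell\\open\\command",
     "UAC bypass", None),
]

HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM",
         "HKEY_USERS": "HKU", "HKEY_CLASSES_ROOT": "HKCR"}

OPS = {"RegSetValueExW": "SET", "RegSetValueExA": "SET",
       "RegQueryValueExW": "QUERY", "RegQueryValueExA": "QUERY"}

# Constructed trace; a comment line, one read, four writes, one benign write.
SAMPLE_TRACE = r"""
# call|path|value type|data   (constructed, not the report's real trace)
RegQueryValueExW|HKEY_CURRENT_USER\Control Panel\International\Geo\Nation||
RegSetValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt|REG_DWORD|1
RegSetValueExW|HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate|REG_SZ|C:\Users\Admin\AppData\Roaming\svc.exe
RegSetValueExW|HKEY_CURRENT_USER\Software\Classes\ms-settings\shell\open\command\|REG_SZ|C:\Users\Admin\AppData\Roaming\svc.exe
RegSetValueExW|HKEY_CURRENT_USER\Software\Classes\ms-settings\shell\open\command\DelegateExecute|REG_SZ|
RegSetValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden|REG_DWORD|0
"""


def normalise(path):
    """Shorten the hive name and fold HKU\\<SID>\\... into HKCU\\... so one
    rule covers both spellings of the current user's hive."""
    hive, _, rest = path.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    if hive == "HKU" and rest.upper().startswith("S-1-"):
        _sid, _, rest = rest.partition("\\")
        hive = "HKCU"
    return hive + "\\" + rest


def parse_record(line):
    """Split one call|path|type|data record; returns None if malformed."""
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4:
        return None
    call, path, vtype, data = parts
    return OPS.get(call), normalise(path), vtype, data


def classify(lines):
    """Return {label: [matching normalised paths]} in first-hit order."""
    hits = {}
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rec = parse_record(line)
        if rec is None or rec[0] is None:
            continue          # unknown API or malformed record: ignore
        op, path, _vtype, data = rec
        for rule_op, pattern, label, want in RULES:
            if op == rule_op and re.search(pattern, path, re.I) \
                    and (want is None or data == want):
                hits.setdefault(label, []).append(path)
    return hits


if __name__ == "__main__":
    for label, paths in classify(SAMPLE_TRACE.splitlines()).items():
        print(label)
        for p in paths:
            print("    " + p)
```

The data check on HideFileExt matters: a write of 0 re-enables extension display and should not be labelled, whereas the Run-key and handler-hijack rules fire on any write because the value name or the key itself is the indicator. In a real pipeline the trace would come from the sandbox's API hooks or from Sysmon registry events rather than a string literal.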

MITRE ATT&CK Enterprise v6

Tasks