General

  • Target

    4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361

  • Size

    441KB

  • Sample

    221121-lcyansge7w

  • MD5

    10adc0d375801678dcfc3852d68d8840

  • SHA1

    bf3e1a50a100f54a066fb2324f61f07e7efb4588

  • SHA256

    4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361

  • SHA512

    1c9e308c77df3080bb335065d363955d9e23bf06a7b11e31b2e551d576320aa3bc386aa70c159cdabb142e4bc635cc7fafc793e3b0e46c629f33e1a291eba78b

  • SSDEEP

    12288:9WR1NHSYCWIYWkPkpi2bW2mJhrpmKAUKu59p2Z9anP:9Wb1SYCWIYWkPciFx1mKRhLW9aP

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks