Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3768016703a237772237ca984d973ee46bb9a88719bc3487a71e0c29acec5741
-
Size
506KB
-
Sample
221121-ldfr1sda46
-
MD5
22ea7d2e93ff8eb95fb461c9bd495e30
-
SHA1
ea76ca9758f7eddb0f4654e078f7613403d02bc9
-
SHA256
3768016703a237772237ca984d973ee46bb9a88719bc3487a71e0c29acec5741
-
SHA512
a2e39f9ec4030893ed2470365516ffe56db7560a6da0a147d72d134a1e33d898b4c12bae023c2d7860dbc424b318cca3b83790b5fccc590a7a67caa9fdce62e0
-
SSDEEP
12288:/enUy798MPK9C/AAANyd3OqIPx9dzztgm8rjOmSYZIQIb:2nUy798MEC/+qIP/dkjDZzIb
Malware Config
Targets
-
-
Target
3768016703a237772237ca984d973ee46bb9a88719bc3487a71e0c29acec5741
-
Size
506KB
-
MD5
22ea7d2e93ff8eb95fb461c9bd495e30
-
SHA1
ea76ca9758f7eddb0f4654e078f7613403d02bc9
-
SHA256
3768016703a237772237ca984d973ee46bb9a88719bc3487a71e0c29acec5741
-
SHA512
a2e39f9ec4030893ed2470365516ffe56db7560a6da0a147d72d134a1e33d898b4c12bae023c2d7860dbc424b318cca3b83790b5fccc590a7a67caa9fdce62e0
-
SSDEEP
12288:/enUy798MPK9C/AAANyd3OqIPx9dzztgm8rjOmSYZIQIb:2nUy798MEC/+qIP/dkjDZzIb
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-