General

  • Target

    bb90548c9c0dd6e411c236b55004a392

  • Size

    388KB

  • Sample

    221122-dp1ybsca5v

  • MD5

    bb90548c9c0dd6e411c236b55004a392

  • SHA1

    1e1db20778c735c26ac2411fa565a1ff43405327

  • SHA256

    f7c1423cc7223b0490b8e98cb656a09eef624c9d0e1f00445031b1c635692b5d

  • SHA512

    12ba06a936605a3ec6873489c863b1e922e2f989d4cab5c73936f6e9699e6a6760a8c001cfbe2ad7cad007b573f563fbea74125abc547eda409403cc4cf05231

  • SSDEEP

    6144:pOYGXaPNxdgSdcq2pVZPOJHAbKSXXDYrM2Vfmq7k3ivPjVbdgZK:1GqN/XdctpVtkiXXDCOZij3Z

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops file in System32 directory
