General

  • Target

    5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9

  • Size

    220KB

  • Sample

    221127-kmsx9sgh3t

  • MD5

    941fb1cd3fdab89abc35f0a21abd2f45

  • SHA1

    349c15855c91c341db0bc01cc328a17a3554cbc4

  • SHA256

    5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9

  • SHA512

    14cf15e0f84f821adfd4dfe3037421291f296e9613db3f77405053e2b4a9a2e18625c2425a56af02bb479ff8e5c6b2eb45808d0054b5dbefd3d9cba213c0ade5

  • SSDEEP

    3072:sTVZEA0R5UeyVSzeIw6upojbcbf0L1siwNGRRH9fZvl2hZm6nE:sxWA0EeKvpdbf0L1si9H9fZvj6E

Targets

    • Target

      5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
