General

  • Target

    3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4

  • Size

    296KB

  • Sample

    221127-ttfqyseg8t

  • MD5

    a9bebdadc68b0e0430679784c52b6c5a

  • SHA1

    97ad8adba9f347d5238382cf297cce160b0e3be6

  • SHA256

    3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4

  • SHA512

    29cf055f0ca1173478ae49bd478fe14b4c3612a254278a626172f3c41bab72d4a736ddbfb932f5f38ded447a14a491bf32f19df22d17c107c256d8310610a44f

  • SSDEEP

    6144:3ZY8k5DlC0yqnrx54XuG7ft6dGNYqOdA6VpIjyiQErU:3ydw1qnNouGZuuvOhiyiRU

Malware Config

Targets

    • Target

      3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
