General

  • Target

    48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.zip

  • Size

    570KB

  • Sample

    230311-q192labf4z

  • MD5

    cf82682c4101984695f6bec0b7f11b38

  • SHA1

    0775e154a080b58b9b71778708c19162e2447821

  • SHA256

    90d8071fcbdc74c16258487c86689fa35090169b289233600c3b3dca105a729d

  • SHA512

    be19f6e83887f44ee34a769ef816052ed6af540416a94bf881b636ee88d493bdcb39927cb4b72f86ba7ff1652f5d4fb1ee8b422ef176a79f394ddf601a6ed39a

  • SSDEEP

    12288:VvBN9Eg7u/4xmMXCnVpp8dwDAldGmKh5++2LRejl719Z4JxPrWH5Q7b2:VJvEOF4MXCnPpXclQhb2AjlV4rDWH5wS
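Before handling a copy of this sample, check that it is the file the report describes. Note that the archive is named after the SHA256 of the executable it contains (48689c98…), while the archive's own SHA256 is 90d8071f…; verifying against the wrong set is a common mistake. The script below is an added example, not part of the tria.ge report: the hash values are copied from the report, the function names and the file-name keys are assumptions, and the `b"abc"` input used in the check is constructed. SSDEEP is omitted because it needs the external ssdeep library.

```python
"""Verify a local copy of the sample against the hashes listed in the report."""
import hashlib

# Indicators copied from the report. Keys are the file names as reported.
REPORTED = {
    "48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.zip": {
        "md5": "cf82682c4101984695f6bec0b7f11b38",
        "sha1": "0775e154a080b58b9b71778708c19162e2447821",
        "sha256": "90d8071fcbdc74c16258487c86689fa35090169b289233600c3b3dca105a729d",
        "sha512": "be19f6e83887f44ee34a769ef816052ed6af540416a94bf881b636ee88d493bd"
                  "cb39927cb4b72f86ba7ff1652f5d4fb1ee8b422ef176a79f394ddf601a6ed39a",
    },
    "48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe": {
        "md5": "79cdf459683c39e9704a37a6be9bc877",
        "sha1": "450d4f351c3dd168e313b309da4bd8a817453d1d",
        "sha256": "48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c",
        "sha512": "2cc3f164e92650c4d4aed7012da7d303d24cdc63565ed744a28cb6d59465189"
                  "233a128a01f4b807aa972057e0d0d98742c5ca9b41a67bf59f0f115de30eb6bd4",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hashes_of(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Digest a file in chunks so large samples do not have to fit in memory."""
    digests = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in digests.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in digests.items()}


def verify(actual: dict, expected: dict) -> dict:
    """Return {algorithm: (expected, actual)} for each mismatch; empty dict means match.

    Comparison is case-insensitive because reports differ in hex casing.
    """
    return {
        alg: (expected[alg], actual[alg])
        for alg in expected
        if expected[alg].lower() != actual[alg].lower()
    }


def verify_sample(data: bytes, reported_name: str) -> dict:
    """Compare an in-memory buffer against the report's entry for `reported_name`."""
    return verify(hashes_of(data), REPORTED[reported_name])


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <local file> <reported file name>
    mismatches = verify(hash_file(sys.argv[1]), REPORTED[sys.argv[2]])
    for alg, (want, got) in mismatches.items():
        print(f"{alg}: expected {want} got {got}")
    print("match" if not mismatches else f"{len(mismatches)} mismatch(es)")
```

Every algorithm is checked rather than only MD5, since an MD5 collision is cheap to produce and a report whose MD5 matches but whose SHA256 does not should be treated as a different file.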

Malware Config

Targets

    • Target

      48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

    • Size

      645KB

    • MD5

      79cdf459683c39e9704a37a6be9bc877

    • SHA1

      450d4f351c3dd168e313b309da4bd8a817453d1d

    • SHA256

      48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c

    • SHA512

      2cc3f164e92650c4d4aed7012da7d303d24cdc63565ed744a28cb6d59465189233a128a01f4b807aa972057e0d0d98742c5ca9b41a67bf59f0f115de30eb6bd4

    • SSDEEP

      12288:Ya8gND5n7gG2WERaCyDVbdlSQLeYBgdAULx9mutZo5B:YgNDBg3JRaCyDVplSUBgrHtZor

    • Avaddon

      Ransomware-as-a-service first released in June 2020 and currently expanding its user base among criminal actors.

    • Avaddon payload

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
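The behaviours flagged above (shadow-copy deletion, a UAC-enabled check, mass extension rewriting, and enumeration of drives other than C:) map directly onto host telemetry a defender can alert on. The script below is an added example, not part of the tria.ge report or of the Avaddon sample: the events are constructed, the command lines are the commonly observed forms of shadow-copy deletion rather than strings taken from this sample, the `.locked` extension is a placeholder, and the thresholds are tunable assumptions.

```python
"""Rule-based detection of the ransomware behaviours listed in the report,
run over constructed process, registry, file and drive events."""
import re
from collections import Counter, defaultdict

# Commonly observed recovery-inhibition command lines (ATT&CK T1490). Assumption:
# the sample's own command lines are not shown in the report, so these are generic.
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy.*?\.Delete\(", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
]

# Registry value Windows uses to record whether UAC is enabled.
UAC_VALUE_PATH = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
                  r"\Policies\System\EnableLUA")

# Constructed telemetry: (pid, event kind, detail). pid 4242 mimics the behaviours
# flagged in the report; pid 1000 is a benign control process.
EVENTS = [
    (4242, "ProcessCreate", "cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    (4242, "ProcessCreate", "wmic.exe shadowcopy delete"),
    (4242, "RegistryRead", UAC_VALUE_PATH),
    (4242, "DriveQuery", "C:\\"),
    (4242, "DriveQuery", "D:\\"),
    (4242, "DriveQuery", "E:\\"),
] + [
    (4242, "FileRename", (f"C:\\Users\\u\\Documents\\f{i}.docx",
                          f"C:\\Users\\u\\Documents\\f{i}.docx.locked"))
    for i in range(6)
] + [
    (1000, "ProcessCreate", "notepad.exe C:\\Users\\u\\notes.txt"),
    (1000, "FileRename", ("C:\\Users\\u\\draft.tmp", "C:\\Users\\u\\draft.txt")),
    (1000, "DriveQuery", "C:\\"),
]


def ext(path: str) -> str:
    """Lower-cased final extension of a Windows path, '' if there is none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def rule_shadow_copies(cmdline: str) -> bool:
    return any(p.search(cmdline) for p in SHADOW_COPY_PATTERNS)


def rule_uac_check(reg_path: str) -> bool:
    normalised = reg_path.replace("HKEY_LOCAL_MACHINE", "HKLM").lower()
    return normalised == UAC_VALUE_PATH.lower()


def rule_extension_rewrite(renames, threshold: int = 5) -> bool:
    """True when at least `threshold` renames changed the extension and the
    most common new extension accounts for that many (mass encryption pattern)."""
    new_exts = Counter(ext(dst) for src, dst in renames if ext(src) != ext(dst))
    return bool(new_exts) and new_exts.most_common(1)[0][1] >= threshold


def rule_drive_enum(paths, min_drives: int = 1) -> bool:
    """True when root paths of at least `min_drives` drives other than C: were read."""
    roots = {p[:2].upper() for p in paths if re.match(r"^[A-Za-z]:", p)}
    roots.discard("C:")
    return len(roots) >= min_drives


def evaluate(events) -> dict:
    """Group events per process and return {pid: set of rule names that fired}."""
    by_pid = defaultdict(lambda: defaultdict(list))
    for pid, kind, detail in events:
        by_pid[pid][kind].append(detail)
    verdicts = {}
    for pid, kinds in by_pid.items():
        hits = set()
        if any(rule_shadow_copies(c) for c in kinds["ProcessCreate"]):
            hits.add("deletes_shadow_copies")
        if any(rule_uac_check(r) for r in kinds["RegistryRead"]):
            hits.add("checks_uac")
        if rule_extension_rewrite(kinds["FileRename"]):
            hits.add("modifies_extensions")
        if rule_drive_enum(kinds["DriveQuery"]):
            hits.add("enumerates_drives")
        verdicts[pid] = hits
    return verdicts


if __name__ == "__main__":
    for pid, hits in sorted(evaluate(EVENTS).items()):
        print(pid, sorted(hits) or "clean")
```

The extension rule is deliberately threshold-based: a single rename is normal user activity, while dozens of files acquiring the same new extension from one process is the pattern the report's "Modifies extensions of user files" signature describes. Only the shadow-copy and UAC rules are high confidence on their own; the other two are corroborating signals and should be correlated per process as `evaluate` does.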

MITRE ATT&CK Enterprise v6

Tasks