Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369.exe

  • Size

    205KB

  • Sample

    230330-1ggk2sec87

  • MD5

    62e53bc5aa5f2a70a54e328bff51505f

  • SHA1

    e7deceee97a09d539d81eb91f988ece5e2a2ff51

  • SHA256

    bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369

  • SHA512

    a676dd284188271be1760ed1edd3320341713662aba1c615481f256007e614e58756a7b6a565beed777230c2ae829c561e3bf3510921ad6495d3776cfdfaa793

  • SSDEEP

    6144:+B4mr9NzqHW7V5V9w/UIRZizI1aqebq/lsyp:+B40qHW7nU/pZmiXqy

Malware Config

Targets

    • Target

      bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369.exe

    • Size

      205KB

    • MD5

      62e53bc5aa5f2a70a54e328bff51505f

    • SHA1

      e7deceee97a09d539d81eb91f988ece5e2a2ff51

    • SHA256

      bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369

    • SHA512

      a676dd284188271be1760ed1edd3320341713662aba1c615481f256007e614e58756a7b6a565beed777230c2ae829c561e3bf3510921ad6495d3776cfdfaa793

    • SSDEEP

      6144:+B4mr9NzqHW7V5V9w/UIRZizI1aqebq/lsyp:+B40qHW7nU/pZmiXqy

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks