General

  • Target

    HEUR-Trojan.Win32.Generic-fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb.bin

  • Size

    64KB

  • Sample

    230501-yda8raga65

  • MD5

    366aad320bb8a36a88491ad1d164cf09

  • SHA1

    32e3c8c00cb87db06f8e65b2fbc7f04e08a14105

  • SHA256

    fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb

  • SHA512

    921b4d02d2944ea159d2d4623c5b3233bbbf574278e6f8f8f4b023c9b853c6d002f642beb78e316d643df3ab9043b0973cacb5a18a1776ba52d18fabaeff16d7

  • SSDEEP

    768:jykKUSkyDjBSNBvSMIhK7VHQLvGdwFtg2dY6edSYQrq3RWD3Ghc5tTZ92th5Tk9x:SJEN8I5zGXgF6eIdq3Yym5l+tnP

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks