General

  • Target: 5cdfaad20cdf58exeexeexeex.exe
  • Size: 334KB
  • Sample: 230706-qyx91sch6v
  • MD5: 5cdfaad20cdf5895477b8dd451a38b76
  • SHA1: f59d1bc399d988d5d5169e7df09b8e57589c1127
  • SHA256: 1fbfc0b007a6e3e6d21635f4fc6862f73193a94eb54ca6561eb8de30ede2b155
  • SHA512: 78229d6cd0432671aa91a770a95b97691376d1283a6ad4be59cb01eb439e987eb87f341405fe54889f6e2957fe874c6940d53ade0dcaf0be7698a634b86828d1
  • SSDEEP: 6144:lv3XLrZ99999999999999X99999999999999X99999999999999X99999999999j:NnLrZ99999999999999X99999999999D

Malware Config

Targets

    • Target: 5cdfaad20cdf58exeexeexeex.exe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Blocklisted process makes network request

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks