General

  • Target

    88e21ba6949207exeexeexeex.exe

  • Size

    256KB

  • Sample

    230709-jad3xabb46

  • MD5

    88e21ba69492076afa3e8cd9468e80e3

  • SHA1

    c2d062787d1b3d73fb3f40ba142f87337fd396f6

  • SHA256

    05dc2fd7500895b3b606ce163166b124c54660511a8fc0374d67f03ea33da845

  • SHA512

    0d878a01e1af7711296ec03ee7f1a25178d90e6ce1a1c44ae5521df1447e1834aabc514bde98901964d9dc1bcf33473c0dfbbb34c520896508c66f669e3a1d6c

  • SSDEEP

    6144:B9B3zAM/Wo+AG8kyj8piqHSCB2Tdcbk85hZJxvjx97Yz5pZIjuZPWY00/DhyBYN:BT3lWok8kyj8piqHSCB2Tdcbk85hZJx6

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Adds Run key to start application

    • Drops file in System32 directory
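The signatures above are sandbox observations, not host-side checks. The following script is an added example (it is not part of the Triage report and not the sample's own code) showing how an analyst could look for the same artefacts on a suspect Windows host: the Explorer HideFileExt setting, the UAC policy values, the GeoID the sample would read, Run-key persistence entries, and recently written files under System32, with each such file hashed against the SHA256 reported above. The 24-hour file-age window and the output shape are assumptions chosen for this example; run it in an elevated PowerShell session.

```powershell
# Added example, not from the Triage report: host triage for the reported behaviours.
# Assumptions: elevated session; a 24-hour window counts as "recent" for System32 writes.

$ReportSha256 = '05dc2fd7500895b3b606ce163166b124c54660511a8fc0374d67f03ea33da845'
$SystemPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RegValueSafe {
    # Returns a registry value, or $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. "Modifies visibility of file extensions in Explorer":
#    HideFileExt = 1 hides known extensions, so "invoice.pdf.exe" displays as "invoice.pdf".
$hideExt = Get-RegValueSafe 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
if ($hideExt -eq 1) { Add-Finding 'HideFileExt' 'Known file extensions are hidden in Explorer' }

# 2. "UAC bypass": EnableLUA = 0 turns UAC off; ConsentPromptBehaviorAdmin = 0 elevates silently.
$lua  = Get-RegValueSafe $SystemPolicy 'EnableLUA'
$cpba = Get-RegValueSafe $SystemPolicy 'ConsentPromptBehaviorAdmin'
if ($lua -eq 0)  { Add-Finding 'UAC' 'EnableLUA is 0 (UAC disabled)' }
if ($cpba -eq 0) { Add-Finding 'UAC' 'ConsentPromptBehaviorAdmin is 0 (elevate without prompting)' }

# 3. "Checks computer location settings": the Nation value is the GeoID a sample reads to geofence.
#    Recorded so the analyst knows which region the malware would have seen on this host.
$geo = Get-RegValueSafe 'HKCU:\Control Panel\International\Geo' 'Nation'
if ($null -ne $geo) { Add-Finding 'GeoID' "HKCU Geo\Nation = $geo" }

# 4. "Adds Run key to start application": list every Run-key value in both hives.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($hive in 'HKCU', 'HKLM') {
    $runKey = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path $runKey)) { continue }
    $props = Get-ItemProperty -Path $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }   # skip PowerShell's own provider metadata members
        Add-Finding "Run ($hive)" "$($p.Name) = $($p.Value)"
    }
}

# 5. "Drops file in System32 directory": recently written files, hashed against the report.
$cutoff = (Get-Date).AddHours(-24)   # assumed window
Get-ChildItem -Path "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $match = if ($hash -eq $ReportSha256) { ' <-- matches reported SHA256' } else { '' }
        Add-Finding 'System32 write' "$($_.FullName) ($($_.LastWriteTime))$match"
    }

$findings | Format-Table -AutoSize
```

Run-key values are command lines rather than bare paths, so the script lists them for review instead of hashing them; a match on the reported SHA256 will only show up for a file dropped directly into System32. Treat every finding as a lead to confirm, not as proof of infection: HideFileExt is Explorer's default on a fresh install, and legitimate software also populates Run keys.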

MITRE ATT&CK Enterprise v6

Tasks