General

  • Target

    disk-drill-win.exe

  • Size

    18.6MB

  • Sample

    231009-qkxrbsfb46

  • MD5

    7dd843c7524d9d7b0cbce1ca2de894bb

  • SHA1

    f84e6c5e6dfe61744376cbb8f465a9529e3e1543

  • SHA256

    0b136ebad5e9be01570aecd0c92906371c20729e09de4e7b2e3994be829d771d

  • SHA512

    d9dc3f58dfd3b5c711cadc9c0c4619c684cec00d66292aa404186cab7c8a958c8e345abf69be25ae4db6cd9688e92c42df5a0d614a461a7873010d24b84dcace

  • SSDEEP

    393216:EtZSoFIFfYIyffUsoPA/ib9gPP/5XcJtH3vNuuftlh:EIFfnOcsoPA+qWH/Nuezh

Targets

    • Target

      disk-drill-win.exe

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
