General
Target: 0ebc9899c5607a8395ed7e5c442ef38e
Size: 5.5MB
Sample: 231219-m3j2eaaef2
MD5: 0ebc9899c5607a8395ed7e5c442ef38e
SHA1: 3c6ca3c4e0163010ae3f38ec49a1a5edeb39aecb
SHA256: 502fbce583f91145b61ff34273a50b2225e477898a142d67a717c3eb8ae906bf
SHA512: 6dbaf70dfc3c6af6a556e27fa5ef9b12a7111592ea8db5da9d93a1887b55216fab339e3301aff8ef51de953ac006fe7552ccfd7f584ae8c024dcf58c7a8eaa16
SSDEEP: 6144:582p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBflC:hp4pNfz3ymJnJ8QCFkxCaQTOlHfU86t
Static task: static1
Behavioral task: behavioral1
  Sample: 0ebc9899c5607a8395ed7e5c442ef38e.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 0ebc9899c5607a8395ed7e5c442ef38e.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Renames multiple (3469) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory