General

  • Target

    0ebc9899c5607a8395ed7e5c442ef38e

  • Size

    5.5MB

  • Sample

    231219-m3j2eaaef2

  • MD5

    0ebc9899c5607a8395ed7e5c442ef38e

  • SHA1

    3c6ca3c4e0163010ae3f38ec49a1a5edeb39aecb

  • SHA256

    502fbce583f91145b61ff34273a50b2225e477898a142d67a717c3eb8ae906bf

  • SHA512

    6dbaf70dfc3c6af6a556e27fa5ef9b12a7111592ea8db5da9d93a1887b55216fab339e3301aff8ef51de953ac006fe7552ccfd7f584ae8c024dcf58c7a8eaa16

  • SSDEEP

    6144:582p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBflC:hp4pNfz3ymJnJ8QCFkxCaQTOlHfU86t

Score
10/10

Malware Config

Targets

    • Target

      0ebc9899c5607a8395ed7e5c442ef38e

    • Modifies WinLogon for persistence

    • Renames multiple (3469) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks