General
Target: 2288274507c221f12776ff15b93d303a
Size: 484KB
Sample: 231225-qy6amadga2
MD5: 2288274507c221f12776ff15b93d303a
SHA1: e455a4f5785a0cfcaf35be4ece87f44e708341ed
SHA256: fc688d6e94195b6a2d13e4c09c23384a822375cbdba0032e3aeee2bb6c765c77
SHA512: 58f2b40879d3bee2badfe5f08af2ec65c5f5ad0e4e6a2c31f0cd0a3c0dd9d52523cfb0c70f15b3d6ea34ff606aec9ca7705a178fa93d1f5c86a55a91b657dbf4
SSDEEP: 12288:08oOHceJryOy5EIJ4FWc4CB+Hik0dMmfrrYo6lZUqWF:08ojOtIiArCB+CkM7rrZ6o
Static task: static1
Behavioral task: behavioral1
Sample: 2288274507c221f12776ff15b93d303a.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2288274507c221f12776ff15b93d303a.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 2288274507c221f12776ff15b93d303a
Size: 484KB
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Renames multiple (53) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)