Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fbeaea693a1a5948798b7cac0d3c862c
-
Size
484KB
-
Sample
231228-14w91sgda3
-
MD5
fbeaea693a1a5948798b7cac0d3c862c
-
SHA1
67c144a97131a70ae576b92213688ff5b83f8961
-
SHA256
47a29d2d6211e35ee3c7f0ae9c805b3d2633ae0c1e8f56ef17068bf307c21e56
-
SHA512
5af865d18b0ac9caf4d35f703daad21333599ffdda5c6d9c36c29294b4bc34a2c16db9b5cd6e9fbe68f1f6824f2567b30a49c6d91a6e563ac1b34efe94a2e793
-
SSDEEP
12288:8j4x6uqm//2PIJcXvULz4vPFpDI8Bk4/ETeFcPeUFH:8IX//2+cXvoz4vPFpDI8Bi0cPfFH
Static task
static1
Behavioral task
behavioral1
Sample
fbeaea693a1a5948798b7cac0d3c862c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
fbeaea693a1a5948798b7cac0d3c862c.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
-
-
Target
fbeaea693a1a5948798b7cac0d3c862c
-
Size
484KB
-
MD5
fbeaea693a1a5948798b7cac0d3c862c
-
SHA1
67c144a97131a70ae576b92213688ff5b83f8961
-
SHA256
47a29d2d6211e35ee3c7f0ae9c805b3d2633ae0c1e8f56ef17068bf307c21e56
-
SHA512
5af865d18b0ac9caf4d35f703daad21333599ffdda5c6d9c36c29294b4bc34a2c16db9b5cd6e9fbe68f1f6824f2567b30a49c6d91a6e563ac1b34efe94a2e793
-
SSDEEP
12288:8j4x6uqm//2PIJcXvULz4vPFpDI8Bk4/ETeFcPeUFH:8IX//2+cXvoz4vPFpDI8Bi0cPfFH
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (54) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1