General

  • Target

    032dea2d1b675752515ca40898f051d2

  • Size

    880KB

  • Sample

    231229-zaebnschgl

  • MD5

    032dea2d1b675752515ca40898f051d2

  • SHA1

    9c6a22799cb1c07f28095d314b4aed0d532846f0

  • SHA256

    d7b1bfbe9ec9e5b7907d9bb193e777d180a9007ea369c9a287a18f486707fbaa

  • SHA512

    e5833389342bf4d7bf2ee7a17e14407ab9f5e796e181823dc71e54ce17819b94c8c16d5d66944a04df6291f8d3705179e40b87203ead79327185eff72e7578a9

  • SSDEEP

    12288:Cp4pNfz3ymJnJ8QCFkxCaQTOl2QU8E4vbAfxu/F0ShFgFDTf2:8Etl9mRda1hc4kfxueSG2

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: the sample appears to be encrypting files across the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks