General

  • Target

    458feaf157dc30c9aeebc7b939487648.exe

  • Size

    3.4MB

  • Sample

    240106-l913tseeh2

  • MD5

    458feaf157dc30c9aeebc7b939487648

  • SHA1

    02ea664dae6229f391789e6d6debdc20d42deff9

  • SHA256

    9a2050975d64a4555022767549de73a45570e0d492817541425c94b617a8fefc

  • SHA512

    d556d490cae2471adddd5ed63a35479432cb52d0ea887335ddc673294abd1f9270e1e0e6a8d7efb5b2c4b6faca81de4093cf1294c414e5d56df95fc6cba6a5f7

  • SSDEEP

    24576:OEtl9mRda1CKB8NIyXbacAfUSunEp+XRGEUvkXw6zezNFtcyyRvx+z94sY8x:NEs1hB8NIMI8Sfpwotkzaxc1OGz8x

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks