General

  • Target

    aa41a7e306181cc69cd2af015229a883

  • Size

    8.2MB

  • Sample

    240227-1tra1sce36

  • MD5

    aa41a7e306181cc69cd2af015229a883

  • SHA1

    9ec71cb5e799f502f7ef17b9a64caebfde34684d

  • SHA256

    16eb0beec9d5c8edf3bf8b7ac436b45ea02d77751676177d403922113adcfd9d

  • SHA512

    bd44e708aeb4be0dc72cce1fc82c03f0aa476a1d73f0bbf1eca1344a5cb05b6b6d173d85f1379fbca2801e0e0a487ccd63c5c8725a01009157dfa449d90fa680

  • SSDEEP

    49152:iEs1JSJR9x8B8NIMI8Sfpwotkzaxc1OGz88B8NIMI8Sfpwotkzaxc1OGz8G:iE2WJIMzKpXOMGQFIMzKpXOMGQG

Score
10/10

Malware Config

Targets

    • Target

      aa41a7e306181cc69cd2af015229a883

    Score
    10/10
    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This is consistent with ransomware encrypting files across the system and appending a new extension to each one.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. Note that AutoRun for non-optical removable media is disabled by default on Windows 7 and later (and on XP/Vista once KB971029 is applied), so a dropped autorun.inf only helps the sample on older or reconfigured hosts.

    • Drops file in System32 directory
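Two of the signatures above, the Winlogon modification and the burst of renames that append an extension, are worth re-checking outside the sandbox when triaging a host. The Python below is an added example and is not code from tria.ge or from this sample's analysis. It assumes the Shell and Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon have already been read into a dict (the stock defaults used for comparison are the standard ones); the rename events, the `.locked` extension, the appended `dropped.exe` path and the threshold of 10 are constructed inputs chosen for illustration, not values from the report.

```python
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Stock values of the two Winlogon entries most often abused for persistence
# (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon). The trailing
# comma on Userinit is part of the default value.
EXPECTED_WINLOGON: Dict[str, str] = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}


def check_winlogon(values: Dict[str, str]) -> List[str]:
    """Return one finding per Winlogon value that deviates from its stock default.

    `values` is a name -> data mapping as read from the Winlogon key; entries
    that are absent are skipped rather than reported.
    """
    findings = []
    for name, expected in EXPECTED_WINLOGON.items():
        actual = values.get(name)
        if actual is None:
            continue
        if actual.strip().lower() != expected.lower():
            findings.append(f"Winlogon\\{name} = {actual!r} (expected {expected!r})")
    return findings


def added_extension(old: str, new: str) -> Optional[str]:
    """If `new` is exactly `old` with one extra extension appended, return it."""
    if not new.startswith(old):
        return None
    suffix = new[len(old):]
    # ".locked" qualifies; "", "x" and ".tar.gz" do not
    if len(suffix) > 1 and suffix[0] == "." and "." not in suffix[1:]:
        return suffix
    return None


def rename_burst(events: Iterable[Tuple[str, str]], threshold: int = 10) -> Dict[str, int]:
    """Count renames that only append an extension and report extensions at/over threshold.

    `events` is an iterable of (old_path, new_path) pairs, e.g. from a file
    monitor; the threshold (assumed, 10) separates ransomware-like bursts from
    the odd editor backup.
    """
    counts: Counter = Counter()
    for old, new in events:
        ext = added_extension(old, new)
        if ext is not None:
            counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


# Constructed sample data (not from the report): a Winlogon key whose Userinit
# has an extra executable appended, and a rename log with one benign rename.
SAMPLE_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\ProgramData\dropped.exe",
}

SAMPLE_EVENTS = [
    (rf"C:\Users\alice\Documents\file{i}.docx",
     rf"C:\Users\alice\Documents\file{i}.docx.locked")
    for i in range(12)
] + [(r"C:\Users\alice\Documents\draft.tmp", r"C:\Users\alice\Documents\draft.docx")]


if __name__ == "__main__":
    for finding in check_winlogon(SAMPLE_WINLOGON):
        print("persistence:", finding)
    for ext, n in rename_burst(SAMPLE_EVENTS).items():
        print(f"rename burst: {n} files gained extension {ext}")
```

On a live host the Winlogon dict would come from `winreg` (or `reg query` on the image's hive) and the rename pairs from Sysmon event ID 11 plus a file-system watcher; the comparison is case-insensitive and whitespace-tolerant because the registry data is, while a changed path or an appended second executable still fails it.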

MITRE ATT&CK Enterprise v15

Tasks