General

  • Target

    GLP_installer_900223152_com.activision.callofduty.shooter.exe

  • Size

    3.6MB

  • Sample

    240310-s9an7sff38

  • MD5

    14c596c34978661885ff79f0d5cf24d0

  • SHA1

    5d52c3c5b4d07210fe68fed0b3ff6b24bf31c4ee

  • SHA256

    dd4bd8a2097d961a5fab0f266f4f53c5131364bbea4c8e66e42bcae87b9de04d

  • SHA512

    2fddd3b4cd7148d71bbd441a795849d44e947ab6727ca700f3dc29ce2c0dbb94834eb9a6fab2b00749f12c726cc5d2f2bb7ea5d8919cade0730549f3b0e0b035

  • SSDEEP

    49152:A08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYR1nm7LBt:A08vdsGaQNgS1C6eznukqb

Malware Config

Targets

    • Renames multiple (94) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks