General

  • Target

    GLP_installer_900223152_com.activision.callofduty.shooter.exe

  • Size

    3.6MB

  • Sample

    240310-s9an7sff38

  • MD5

    14c596c34978661885ff79f0d5cf24d0

  • SHA1

    5d52c3c5b4d07210fe68fed0b3ff6b24bf31c4ee

  • SHA256

    dd4bd8a2097d961a5fab0f266f4f53c5131364bbea4c8e66e42bcae87b9de04d

  • SHA512

    2fddd3b4cd7148d71bbd441a795849d44e947ab6727ca700f3dc29ce2c0dbb94834eb9a6fab2b00749f12c726cc5d2f2bb7ea5d8919cade0730549f3b0e0b035

  • SSDEEP

    49152:A08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYR1nm7LBt:A08vdsGaQNgS1C6eznukqb

Malware Config

Targets

    • Renames multiple (94) files with added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
