
General

  • Target: 9ccea57913edfffe3f55c8bf6bf8329d5b1a833b1329bd0656a11ba53347f7f6
  • Size: 541KB
  • Sample: 240316-esttvsbf2w
  • MD5: 145cb17599f245058b5fd7fccb6f0d8a
  • SHA1: 4ebfef558949f71b78efd9a874951cac799ecbb3
  • SHA256: 9ccea57913edfffe3f55c8bf6bf8329d5b1a833b1329bd0656a11ba53347f7f6
  • SHA512: 2e9cca98b7b602a51794bd7e1c8d554d40a1ac2a5c4f4686afd0878dac0df2d732b8cb66b12150b3306dae086847167fa35ac15cefcc859e48464d4e7918404b
  • SSDEEP: 12288:oD+XPX/kwky0jq4E50W/sN7sufkFyNI03bUzO4hJcB/77WMa:LP+hMH/GDzNpUK4XCD7WMa

Malware Config

Targets

    • Target: 10d2acf2624e52b9dd5f5a78b14bcdf7728bb9ef76f90008f622a5381d555952.exe
    • Size: 798KB
    • MD5: 202dd42eee0197f8951ca6b115432b30
    • SHA1: 5d1a4fb62b88e28a46f1988cf0f7b035b28d424d
    • SHA256: 10d2acf2624e52b9dd5f5a78b14bcdf7728bb9ef76f90008f622a5381d555952
    • SHA512: 3a844c0493df3521fce56d454aab73221bda5a3a65f98b14d36975537b9df2fe5209e1c884736b5b3da5ae2b4a76225b4ffa751674d3802dfcef75cc5573d15b
    • SSDEEP: 12288:uafx644Z97eXJM/0bsXGwCqjwEDBlf9plvnSAq:zA44bSPs2wwEDBnplaAq

    • Avaddon
      Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
    • Avaddon payload
    • UAC bypass
    • Deletes shadow copies
      Ransomware often targets backup files to inhibit system recovery.
    • Renames multiple (196) files with added filename extension
      This suggests ransomware activity of encrypting all the files on the system.
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15
