General

  • Target: Seven.zip
  • Size: 1.4MB
  • Sample: 240430-cc2hnahe9x
  • MD5: 50f553295a4451e0bd7607acb491c732
  • SHA1: 03eafe0b8b1335dbfdaadb0743c6ba0b4eb7af41
  • SHA256: 276a5903dbc07e0200bb6206fb03ea67e8d8a05056426d920a781a12e0a90ac8
  • SHA512: cec22d9d61ef27190772a4e5e8182c8b80d8d4d28d82b494eeba4b8af745c53f45acb15a0b4b3c5ba71f0ea34ba02e0e3055fe680db4cd45223a96e096a83fc8
  • SSDEEP: 24576:oZ+U7Y/KEHEqjpbl00FjsckGXFPsEzYvQZ7VmNQQMzE63tgsgmYWJcz5ZfWrg3b6:ub7YHEqvRFHkGZzY8O63WstYWGh3L6

Malware Config

Targets

    • Target: Seven.dll
    • Size: 1.3MB
    • MD5: b5354db7c3200ccec55fd08c45871d59
    • SHA1: ecc498dcc425d9d803dcd0eec5efba18c654fc58
    • SHA256: 90d1ad22e058d66acca5e10b5095d857fcb295143d4538930650765eaa25367d
    • SHA512: 58a26c369977bc4fe735dfad9abf062a16fa0f2af3decf92f71339c374751ebfc8e4760ddd01266fc70bfe4bb56b936140e776a742a2b188d7a692029ba627c7
    • SSDEEP: 24576:SL+2hCliElgqjVXlwuFd60yqRFnAYj0vopTVIf86gxg23b+sUAYczkP5f/WRmJ4:SLPh0lgqzpFFyqbj0CA23yshYcIXbm
    • Score: 1/10

    • Target: Seven.exe
    • Size: 139KB
    • MD5: 350273e0d2e8a9ba5e37b791016112a0
    • SHA1: 5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
    • SHA256: 27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
    • SHA512: b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
    • SSDEEP: 3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Behaviours:

    • Modifies Windows Defender Real-time Protection settings
    • UAC bypass
    • Renames multiple (257) files with added filename extension
      This suggests ransomware activity of encrypting all the files on the system.
    • Blocks application from running via registry modification
      Adds application to list of disallowed applications.
    • Disables RegEdit via registry modification
    • Disables Task Manager via registry modification
    • Disables cmd.exe use via registry modification
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Windows security modification
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks