Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    SevenRecode.zip

  • Size

    102KB

  • Sample

    240501-bke4yscc4z

  • MD5

    dc869a22c87c274289d7601e54c8b6ff

  • SHA1

    746dd0b42a0b08305a3e6961ba9f07abef51c96a

  • SHA256

    30315bf17ae1541bd7733f5a8801981cc3a8e3d899d15b2ff7cf9e9ad798550f

  • SHA512

    2cc7e14429f4f6ba3f3d7a718ee270493baf152e8c94be250ef7db9c16a9ebd37ae9087fb34934176564b1a77bba8b779977f79eb29a84f5456f2a8cb6252cc3

  • SSDEEP

    1536:7jbs5Ta2Cchnhh/UkcaalCVVhiXFGGDsSuV2m+AoI42C4WHTO9cPezLRzY3:3bsla4nzckcaOCVmVGGDsHcbILBpCwlM

Malware Config

Targets

    • Target

      SevenRecode.dll

    • Size

      34KB

    • MD5

      f8f664f84bb368cb1aa59d7d54d3f181

    • SHA1

      4e596e0ecafb9603e722a19f47065babf6f7e7a6

    • SHA256

      be20ae4e7c1ff8d2529f970ea2e1b55e7be107c13f0c6b30e89fc7b8889ddd0f

    • SHA512

      54bf76d47b625521bebcba8c93571cf6df0f45045354571740f6fbc26d933b6f9bf948b947a48226a968998eb100faa6ef5473f0cba1db1588fb57c0c1cf6b44

    • SSDEEP

      768:9xHComOkxhtxTFktBhhPHY24Q6RPIAvRs3sI85bPh0zy8L3lHLSo4x:rxefvkDPx4Q4RZoIdhkrSo4

    Score
    1/10
    • Target

      SevenRecode.exe

    • Size

      139KB

    • MD5

      a2488db381a90da326053a2050cee0b3

    • SHA1

      ccd2a0b649126f6fcd9c8118ee35c9444bc5acd3

    • SHA256

      ab179853ce915ac8d41a77c553a56bd9c660f632326ab97929fd57b081138ef4

    • SHA512

      3f9ae5f78f632e9b07f98ea88a806f7252340882f07081bfe2f1cdadde39a13324bee455a78971ade7e893d03ed27a1a7d123dd59b504eaf0adc8340457fad42

    • SSDEEP

      3072:eiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJt8ltf:eiS4ompB9S3BZi0a1G78IVhcXct

    • Renames multiple (3779) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks