Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SevenRecode.zip
-
Size
102KB
-
Sample
240501-bke4yscc4z
-
MD5
dc869a22c87c274289d7601e54c8b6ff
-
SHA1
746dd0b42a0b08305a3e6961ba9f07abef51c96a
-
SHA256
30315bf17ae1541bd7733f5a8801981cc3a8e3d899d15b2ff7cf9e9ad798550f
-
SHA512
2cc7e14429f4f6ba3f3d7a718ee270493baf152e8c94be250ef7db9c16a9ebd37ae9087fb34934176564b1a77bba8b779977f79eb29a84f5456f2a8cb6252cc3
-
SSDEEP
1536:7jbs5Ta2Cchnhh/UkcaalCVVhiXFGGDsSuV2m+AoI42C4WHTO9cPezLRzY3:3bsla4nzckcaOCVmVGGDsHcbILBpCwlM
Malware Config
Targets
-
-
Target
SevenRecode.dll
-
Size
34KB
-
MD5
f8f664f84bb368cb1aa59d7d54d3f181
-
SHA1
4e596e0ecafb9603e722a19f47065babf6f7e7a6
-
SHA256
be20ae4e7c1ff8d2529f970ea2e1b55e7be107c13f0c6b30e89fc7b8889ddd0f
-
SHA512
54bf76d47b625521bebcba8c93571cf6df0f45045354571740f6fbc26d933b6f9bf948b947a48226a968998eb100faa6ef5473f0cba1db1588fb57c0c1cf6b44
-
SSDEEP
768:9xHComOkxhtxTFktBhhPHY24Q6RPIAvRs3sI85bPh0zy8L3lHLSo4x:rxefvkDPx4Q4RZoIdhkrSo4
Score1/10 -
-
-
Target
SevenRecode.exe
-
Size
139KB
-
MD5
a2488db381a90da326053a2050cee0b3
-
SHA1
ccd2a0b649126f6fcd9c8118ee35c9444bc5acd3
-
SHA256
ab179853ce915ac8d41a77c553a56bd9c660f632326ab97929fd57b081138ef4
-
SHA512
3f9ae5f78f632e9b07f98ea88a806f7252340882f07081bfe2f1cdadde39a13324bee455a78971ade7e893d03ed27a1a7d123dd59b504eaf0adc8340457fad42
-
SSDEEP
3072:eiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJt8ltf:eiS4ompB9S3BZi0a1G78IVhcXct
Score9/10-
Renames multiple (3779) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-