General

  • Target

    be728f86ec93958f300b9d36740ba6c12b0ab5d5f9554ff86ed9c87f686aa937

  • Size

    1.3MB

  • Sample

    240710-eshrlawcmj

  • MD5

    9fe1882c032b5e51c335c50b4b37902f

  • SHA1

    5fc01266eb91b6b095c4e9e61211329916ad7ab0

  • SHA256

    be728f86ec93958f300b9d36740ba6c12b0ab5d5f9554ff86ed9c87f686aa937

  • SHA512

    a779390053a8db71503c15a95cb320f64b432971796f9d63db110997573362f0478039f3768be1c554bc9538f498d19558057bddc3d301f3bba6ec77f6b40fca

  • SSDEEP

    24576:3Z+05tErv2XwKvHoBHErvOmnD4TxJeUrtONbcDvX+ZRDSq9yG0+GYCwdD5sguoax:3Z+05RvyiUTxwuoNbxzyG0QCKD5daDEy

Malware Config

Targets

    • Renames multiple (216) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and marking each one by appending an extension to its name.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
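The three signatures above that are easiest to reason about (mass rename with an added extension, Run-key persistence, and browser profile reads) are shown below as detection logic run over constructed Sysmon-style events. This is an added example and not tria.ge's own signature engine; the event field names, the 100-file threshold, the process path, and the ".locked" extension are assumptions made for the example, while the 216 count mirrors the figure on this page.

```python
"""Re-implementation of three behavioural signatures from the report above as
detection logic over constructed Sysmon-style events.  Added example; this is
not tria.ge's signature engine, and the thresholds, field names, process path
and '.locked' extension are assumptions."""
from collections import Counter

# Hypothetical dropped executable (assumption, not from the real analysis).
PROC = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"


def _constructed_events():
    """Build a constructed event stream; nothing here is taken from the sample."""
    events = []
    # 216 user documents renamed by appending one extension (the count mirrors
    # the page; the extension itself is made up).
    for i in range(216):
        old = rf"C:\Users\victim\Documents\file{i:03d}.docx"
        events.append({"op": "rename", "image": PROC, "old": old, "new": old + ".locked"})
    # A benign rename that changes the base name instead of appending: must not count.
    events.append({"op": "rename", "image": r"C:\Windows\explorer.exe",
                   "old": r"C:\Users\victim\Desktop\draft.txt",
                   "new": r"C:\Users\victim\Desktop\final.txt"})
    # Run-key persistence (Sysmon Event ID 13 style registry value set).
    events.append({"op": "regset", "image": PROC,
                   "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                   "value": "WindowsUpdater", "data": PROC})
    # Read of a browser credential store.
    events.append({"op": "read", "image": PROC,
                   "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"})
    return events


EVENTS = _constructed_events()

RENAME_THRESHOLD = 100  # assumption: minimum renamed files before the signature fires
RUN_KEYS = (r"\Microsoft\Windows\CurrentVersion\Run",
            r"\Microsoft\Windows\CurrentVersion\RunOnce")
BROWSER_DIRS = (r"\Google\Chrome\User Data", r"\Mozilla\Firefox\Profiles",
                r"\Microsoft\Edge\User Data")


def added_extension(old, new):
    """Return the appended extension when new == old + '.<ext>', else None.
    A rename that changes the base name is not an 'added extension'."""
    if new.lower().startswith(old.lower() + ".") and len(new) > len(old) + 1:
        return new[len(old):].lower()
    return None


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """Count renames per (process, appended extension); return those at or over threshold."""
    counts = Counter()
    for e in events:
        if e["op"] != "rename":
            continue
        ext = added_extension(e["old"], e["new"])
        if ext:
            counts[(e["image"], ext)] += 1
    return {k: n for k, n in counts.items() if n >= threshold}


def detect_run_key(events):
    """Registry writes under a Run/RunOnce key, returned as (key, value, data)."""
    suffixes = tuple(k.lower() for k in RUN_KEYS)
    return [(e["key"], e["value"], e["data"]) for e in events
            if e["op"] == "regset" and e["key"].lower().endswith(suffixes)]


def detect_browser_reads(events):
    """Reads of files inside known browser profile directories."""
    return sorted({e["path"] for e in events if e["op"] == "read"
                   and any(d.lower() in e["path"].lower() for d in BROWSER_DIRS)})


def run_signatures(events):
    """Map the page's signature names to the evidence found; signatures that did not fire are omitted."""
    hits = {}
    renames = detect_mass_rename(events)
    if renames:
        hits["Renames multiple files with added filename extension"] = renames
    run = detect_run_key(events)
    if run:
        hits["Adds Run key to start application"] = run
    reads = detect_browser_reads(events)
    if reads:
        hits["Reads user/profile data of web browsers"] = reads
    return hits


if __name__ == "__main__":
    for name, evidence in run_signatures(EVENTS).items():
        print(name, "->", evidence)
```

Keying the rename counter on (process, extension) rather than on the process alone is what separates a ransomware run from a build tool or backup job that touches many files: the former appends one extension to everything, the latter produces many different names.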

MITRE ATT&CK Enterprise v15

Tasks