General

  • Target

    2623237dd44d3ed8855b17d9d231ea90N.exe

  • Size

    176KB

  • Sample

    240726-s2az1awgkq

  • MD5

    2623237dd44d3ed8855b17d9d231ea90

  • SHA1

    fdf6218ba4050eafd45b325d77ee6c1f16f6ba1e

  • SHA256

    cda75774f848a3c03034a34b02fe111158082fb16bd95e7b07458785f21b6c4d

  • SHA512

    2c729c76defb224b01afaebb74cadb405e31602936f95a940f93906d129e00bb239568268e9f2ab7aa9326f8f64b65278fe9b882c18b646cc2b76ec0c92f75d6

  • SSDEEP

    3072:enaypQSoskMY5YHG6GtnaypQSoskMY5YHG6Gx:wHpQSoTHpQSoL

Malware Config

Targets

    • Renames multiple (3150) files with added filename extension

      This suggests ransomware activity: the sample appears to be encrypting files across the system and appending an extension to each.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks