General
- Target: da3217f8cf177345c9a7c2dd694f37d5d64bc8b3aa2f78561a738bc4d8877adb
- Size: 84KB
- Sample: 240731-vdbmqsycnb
- MD5: bed148c03d89e8611a6b4cf03e508f80
- SHA1: 259767a1733cba3b05588408ceab5d36753a7d39
- SHA256: da3217f8cf177345c9a7c2dd694f37d5d64bc8b3aa2f78561a738bc4d8877adb
- SHA512: 7fd49f1182fc9e2828cc20e64fe8d923720567a78a43bf592da28cf2ea13b4d57116cb51c8507d4c233286d5e07144ddf1fcd792dd559db7401b14a9e702d4af
- SSDEEP: 1536:CqtCCmU/4kuJfLUO7Yri35tAGg1vIc3PsYBq0huFUxOeKH:CqECZfA774DNt3UKrhuT
Behavioral task: behavioral1
- Sample: 31c68009f7ecf347876b80ea5f1cf54c713a5cbe60386d8e08bf47803dfd763f.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 31c68009f7ecf347876b80ea5f1cf54c713a5cbe60386d8e08bf47803dfd763f.exe
- Resource: win10v2004-20240730-en
Malware Config
Targets
- Target: 31c68009f7ecf347876b80ea5f1cf54c713a5cbe60386d8e08bf47803dfd763f
- Size: 86KB
- MD5: 491bf00c1929f2b26b0badeb38ebfd46
- SHA1: 28cd844b076e421ff5ff64f582f517f53dcef46d
- SHA256: 31c68009f7ecf347876b80ea5f1cf54c713a5cbe60386d8e08bf47803dfd763f
- SHA512: e85d07020800696eddeacb3c32e1d4175b7e28b899c01d302f002342259fcb86c2925d299d3387029a0c41eb1c9aa6dd02b176113d1b2b98b1707fd841fa6188
- SSDEEP: 1536:o4yibP4IcW8YEZLjctYoC7xOUlGr2gILtJ8pkKwY85Eonf9rVo2AZISluNV1WPoq:oA0IcphZLHYrqZJlZKp1ZIvMPoOout
Signatures
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
- Clears Windows event logs
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Renames multiple (2900) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Disables Task Manager via registry modification
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Execution
- Command and Scripting Interpreter (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
- Windows Management Instrumentation (1)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Direct Volume Access (1)
- Impair Defenses (2)
  - Disable or Modify Tools (2)
- Indicator Removal (4)
  - Clear Windows Event Logs (1)
  - File Deletion (3)
- Modify Registry (5)