General

  • Target: 1995a2bc8ec1fb8f574aefa1ac18e530N.exe
  • Size: 83KB
  • Sample: 240801-256era1gpl
  • MD5: 1995a2bc8ec1fb8f574aefa1ac18e530
  • SHA1: 70ffa0722648e4875573d1acb46526ce753b10d7
  • SHA256: 44fce4ffb0e846eef15aadc02bf940b56d7c1ff5c61a948d9b082ab6b831c997
  • SHA512: c26ab3b85b5a58f7f1c85349d43562311f100beebe517e0dddd150399b61678312b2d1c48efcfd1921dde9b2ca2b473e114818297ec7189316fc92174b74c244
  • SSDEEP: 1536:V7Zf/FAxTWoJJZENTNyE7Zf/FAxTWoJJZENTNyk:fny1tE7ny1tEP

Malware Config

Targets

    • Renames multiple (4849) files with added filename extension
      This suggests ransomware activity of encrypting all the files on the system.
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks