General
Target: 78999[1]
Size: 111KB
Sample: 240813-sf5mgszgnh
MD5: 00bb206e6e711332d71b1cb740ed77df
SHA1: 992bfb30bcf7870a9b20501f4cdc4721a82eb571
SHA256: d12d332a503419991743de6755dde8d860a08ef248bd49b7e67da90273655bf4
SHA512: 1acd4e9d7fc7ddf42fc4b3fed7dace79b957bddb99730567def9e88443a6f6db126cc0af1d861a682117eb06ac93a28db6b564a6bd6193b419da517060e757dd
SSDEEP: 3072:XywYkVdhEdvYR4NjHQZxxxAMO4Gs4zREx0nZN6EzVtR:C+dhAHNPMO4Gs4zREx0PzN
Static task: static1
Behavioral task: behavioral1
  Sample: 78999[1].html
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 78999[1].html
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 78999[1]
Score: 9/10

Renames multiple (5907) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL