General
- Target: login
- Size: 27KB
- Sample: 240826-j4xr4svhrr
- MD5: 2093c5aada4eec44295c1442ec13cb0e
- SHA1: a7291834d8dba9b9babfea50f5e0957911e02094
- SHA256: 73350e37883978db987f11eb0eebd90bf94fc238710cd0265c81c88cfa6808e3
- SHA512: c2a1dd40e807b9cfef67b4f4b80c1f44db9cd7f3cb4196240e7e184542cdceeef77ee8d667867f0d5732aec11ee9da0e2fbdc5e6d0915f525d0d37bebe30b129
- SSDEEP: 384:ooi9am5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZEMuulffGfMfDGCz3syZj5XCqZ:0/+scm2f/Yb6HZuul3UWDGC7syZ9b
Static task: static1

Behavioral task: behavioral1
- Sample: login.html
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: login.html
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Renames multiple (361) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Downloads MZ/PE file
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Create or Modify System Process: Windows Service (1)
- Event Triggered Execution: Netsh Helper DLL (1)

Privilege Escalation
- Create or Modify System Process: Windows Service (1)
- Event Triggered Execution: Netsh Helper DLL (1)

Defense Evasion
- File and Directory Permissions Modification (1)
- Impair Defenses: Disable or Modify System Firewall (1)
- Modify Registry (2)
- Subvert Trust Controls: Install Root Certificate (1)