Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    login

  • Size

    27KB

  • Sample

    240826-j4xr4svhrr

  • MD5

    2093c5aada4eec44295c1442ec13cb0e

  • SHA1

    a7291834d8dba9b9babfea50f5e0957911e02094

  • SHA256

    73350e37883978db987f11eb0eebd90bf94fc238710cd0265c81c88cfa6808e3

  • SHA512

    c2a1dd40e807b9cfef67b4f4b80c1f44db9cd7f3cb4196240e7e184542cdceeef77ee8d667867f0d5732aec11ee9da0e2fbdc5e6d0915f525d0d37bebe30b129

  • SSDEEP

    384:ooi9am5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZEMuulffGfMfDGCz3syZj5XCqZ:0/+scm2f/Yb6HZuul3UWDGC7syZ9b

Malware Config

Targets

    • Target

      login

    • Size

      27KB

    • MD5

      2093c5aada4eec44295c1442ec13cb0e

    • SHA1

      a7291834d8dba9b9babfea50f5e0957911e02094

    • SHA256

      73350e37883978db987f11eb0eebd90bf94fc238710cd0265c81c88cfa6808e3

    • SHA512

      c2a1dd40e807b9cfef67b4f4b80c1f44db9cd7f3cb4196240e7e184542cdceeef77ee8d667867f0d5732aec11ee9da0e2fbdc5e6d0915f525d0d37bebe30b129

    • SSDEEP

      384:ooi9am5v477sGGzK+TpQn7M9cyqy/f2f/Yb6WiZEMuulffGfMfDGCz3syZj5XCqZ:0/+scm2f/Yb6HZuul3UWDGC7syZ9b

    • Renames multiple (361) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks