General

  • Target

    e8281ce169d3b0cac2c458be6b6abf80N.exe

  • Size

    78KB

  • Sample

    240829-qw257awemr

  • MD5

    e8281ce169d3b0cac2c458be6b6abf80

  • SHA1

    f042a34c122259a3671f1f787c082660d044d4bb

  • SHA256

    a1b0665beddd5d8692e0d1773ab2124b537fcb9ef940fd97972f95ad97fa8287

  • SHA512

    d78673ac22eb6408f9fa15ebed9ca5cfafb6cafa3055c173af389c04149fceac7ff1d8a2e032885159a1a59c871337c0caa2a7949aad1bacd6f5b2f768993f16

  • SSDEEP

    1536:CTW7JJZENTNyl2Sm0mSWbWLTW7JJZENTNyl2Sm0mSWbWx6B:htE42HtE429

Targets

    • Renames multiple (4453) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Drops file in System32 directory
