General

  • Target

    ff727df62c764a2e45c2aa054a169487436d55fcf2d87a9176ecb88b8a11f169

  • Size

    21.4MB

  • Sample

    240902-qhl7ta1cjk

  • MD5

    e659b0b4bfe3c94d56aba89a3ba13469

  • SHA1

    04ed5d58fdcf4ef990c3926bdcf7a8ec80488e87

  • SHA256

    ff727df62c764a2e45c2aa054a169487436d55fcf2d87a9176ecb88b8a11f169

  • SHA512

    ac78777198a3d1dd0e2ce4b201f37b657f0f93501c2fb65f6a789d6171a73c5c4a68a1bb1508439d919293dcb8d48265051f91934dafdae2cced4d7c4cca00ed

  • SSDEEP

    393216:niYrtEllu3jb7aEjYxo+Blp/4H8XxJmOpFhAse77XL52T7VXWO4yE9Yusdw:nvr5yv9/hJmQQsCMTRmkE9YfW

Malware Config

Targets

    • Target

      decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe

    • Size

      21.6MB

    • MD5

      f627f381233039bae67494833c9c034e

    • SHA1

      a70f577fef3a7bd4c59d7c52a273e5a9444c0a3a

    • SHA256

      decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6

    • SHA512

      597b7c6c3b8486f2bdab7d8447be87d861dc0fc918615b061bb8888f4b69d5732eea2b8b682e32c67fcb264cee88829a222e75d4e42e542090ab9613ccb90a25

    • SSDEEP

      393216:yt1aJNdbPmYRQK7+8KobA50pf0P1y1wwZmUh/lbTtJQlM5GB46LY8kX:yfidbrRQOKoXpfU1CwwZmElP0M5GWhrX

    • Disables service(s)

    • Renames multiple (212) files with added filename extension

      This is consistent with ransomware encrypting files on the system and renaming each one with an added extension.

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Stops running service(s)

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Command and Scripting Interpreter: PowerShell

      Runs a command via powershell.exe.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
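
The rename heuristic behind the "Renames multiple files with added filename extension" signature above, as an added example that is not tria.ge's own detection code: it scans file-rename events, keeps only those where the new name is the old name plus an appended extension in the same directory, counts them per process and suffix, and flags a process once that count reaches a threshold. The event schema, the process IDs, file names and the threshold value are constructed assumptions for illustration.

```python
"""Heuristic for a "renames multiple files with added filename extension"
signature. Added example, not tria.ge's own detection code; the event
schema, sample data and threshold are assumptions made for illustration."""
import ntpath
from collections import Counter
from typing import Dict, Iterable, Mapping, Optional, Tuple

# Number of same-suffix renames by one process before it is flagged.
# Assumed value; the report above observed 212 such renames.
DEFAULT_THRESHOLD = 20


def appended_suffix(src: str, dst: str) -> Optional[str]:
    """Return the extension appended to ``src`` to produce ``dst``, else None.

    Only a rename that keeps the file in the same directory and keeps the
    whole original name as a prefix counts, so "~WRL0001.tmp" -> "report.docx"
    (an editor's save pattern) or a move to another folder is not matched.
    """
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if ntpath.normcase(src_dir) != ntpath.normcase(dst_dir):
        return None
    if not dst_name.lower().startswith(src_name.lower()):
        return None
    rest = dst_name[len(src_name):]
    # Require a real appended extension: a leading dot plus at least one char.
    if len(rest) < 2 or not rest.startswith("."):
        return None
    return rest.lower()


def ransomware_like_renames(events: Iterable[Mapping[str, object]],
                            threshold: int = DEFAULT_THRESHOLD
                            ) -> Dict[Tuple[int, str], int]:
    """Count appended-extension renames per (pid, suffix) and return the
    (pid, suffix) pairs whose count is at or above ``threshold``."""
    counts: Counter = Counter()
    for ev in events:
        if ev.get("op") != "rename":
            continue
        suffix = appended_suffix(str(ev["src"]), str(ev["dst"]))
        if suffix is not None:
            counts[(int(ev["pid"]), suffix)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def _rename(pid: int, src: str, dst: str) -> Dict[str, object]:
    return {"op": "rename", "pid": pid, "src": src, "dst": dst}


# Constructed sample events (not taken from the analysed sample).
DOCS = r"C:\Users\victim\Documents"
SAMPLE_EVENTS = (
    # Suspect process 4120: 25 user files renamed to <name>.locked
    [_rename(4120, rf"{DOCS}\report{i}.docx", rf"{DOCS}\report{i}.docx.locked")
     for i in range(25)]
    # Same process moving a file elsewhere: not an appended extension.
    + [_rename(4120, rf"{DOCS}\notes.txt", r"C:\Temp\notes.txt.locked")]
    # Benign process 2200 (an editor saving): temp-file swap does not match,
    # a single .bak rename stays below the threshold.
    + [_rename(2200, rf"{DOCS}\~WRL0001.tmp", rf"{DOCS}\budget.xlsx"),
       _rename(2200, rf"{DOCS}\budget.xlsx", rf"{DOCS}\budget.xlsx.bak")]
)

if __name__ == "__main__":
    for (pid, suffix), n in ransomware_like_renames(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {n} files renamed with appended extension {suffix}")
```

The threshold and the same-directory requirement are what keep ordinary editor save patterns and single backup renames from triggering the signature; a real sandbox would additionally look at write activity on each file before the rename.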

MITRE ATT&CK Enterprise v15

Tasks