General
- Target: ff727df62c764a2e45c2aa054a169487436d55fcf2d87a9176ecb88b8a11f169
- Size: 21.4MB
- Sample: 240902-qhl7ta1cjk
- MD5: e659b0b4bfe3c94d56aba89a3ba13469
- SHA1: 04ed5d58fdcf4ef990c3926bdcf7a8ec80488e87
- SHA256: ff727df62c764a2e45c2aa054a169487436d55fcf2d87a9176ecb88b8a11f169
- SHA512: ac78777198a3d1dd0e2ce4b201f37b657f0f93501c2fb65f6a789d6171a73c5c4a68a1bb1508439d919293dcb8d48265051f91934dafdae2cced4d7c4cca00ed
- SSDEEP: 393216:niYrtEllu3jb7aEjYxo+Blp/4H8XxJmOpFhAse77XL52T7VXWO4yE9Yusdw:nvr5yv9/hJmQQsCMTRmkE9YfW
Behavioral task: behavioral1
- Sample: decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe
- Resource: win7-20240705-en

Behavioral task: behavioral2
- Sample: decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe
- Size: 21.6MB
- MD5: f627f381233039bae67494833c9c034e
- SHA1: a70f577fef3a7bd4c59d7c52a273e5a9444c0a3a
- SHA256: decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6
- SHA512: 597b7c6c3b8486f2bdab7d8447be87d861dc0fc918615b061bb8888f4b69d5732eea2b8b682e32c67fcb264cee88829a222e75d4e42e542090ab9613ccb90a25
- SSDEEP: 393216:yt1aJNdbPmYRQK7+8KobA50pf0P1y1wwZmUh/lbTtJQlM5GB46LY8kX:yfidbrRQOKoXpfU1CwwZmElP0M5GWhrX
Signatures
- Renames multiple (212) files with added filename extension
  This suggests ransomware activity: encrypting the files on the system.
- Drops file in Drivers directory
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- System Services (2)
  - Service Execution (2)
Persistence
- Create or Modify System Process (3)
  - Windows Service (3)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (3)
  - Windows Service (3)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)