General
- Target: scenario_231707___9de0b4a3-48e8-4159-835e-c297a9cc8a10.exe
- Size: 145KB
- Sample: 240905-q2rawasbmk
- MD5: df4bc2d3af251226e87d4ebb11ffd1fc
- SHA1: c0853df9624e7c78cba2c0b8e829d83af33c0e55
- SHA256: eb8ed3b94fa978b27a02754d4f41ffc95ed95b9e62afb492015d0eb25f89956f
- SHA512: a9531e6e8b8dd0405319259cf82b5655f9aec39fcb31b67d7d79c2f595215aa3a9d7630aab36cfd8488aa7c3bfa793340d14fdf858f7397dd4978b8c357b79c9
- SSDEEP: 3072:NIEhL8Hzo1GbR8oxQPRyXfzQKqQ2oVEROt:WKSeGS+hXff2E
Static task
- static1
Behavioral task
- behavioral1: sample scenario_231707___9de0b4a3-48e8-4159-835e-c297a9cc8a10.exe, resource win7-20240708-en
Behavioral task
- behavioral2: sample scenario_231707___9de0b4a3-48e8-4159-835e-c297a9cc8a10.exe, resource win10v2004-20240802-en
Malware Config
- Extracted from: C:\Program Files\7-Zip\!!readme!!!.txt
- Family: underground
- URL: http://undgrddapc4reaunnrdrmnagvdelqfvmgycuvilgwb5uxm25sxawaoqd.onion/
Targets
- Target: scenario_231707___9de0b4a3-48e8-4159-835e-c297a9cc8a10.exe
- Underground Team: Underground Team is ransomware first seen in July 2023 that is primarily distributed by exploiting vulnerabilities.
- Clears Windows event logs
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Drops desktop.ini file(s)
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.