General

  • Target

    c0ae54200e6c96bb5a031dd5c29cf7a0N.exe

  • Size

    72KB

  • Sample

    240911-w6aftawfjb

  • MD5

    c0ae54200e6c96bb5a031dd5c29cf7a0

  • SHA1

    fe9fd2d81b7b154d66a9a1a50a31b30ac1f33082

  • SHA256

    a1a09df3b63ebba08a2f018debd0b5ae50cc80465b7d599108dd410874a6cb57

  • SHA512

    2afc9b79a9d3d1a8dc13dc8e831b3206baa86417a27adc3122a6787809a6433aa6574a77886a0a684f74d393cc620cea9684efaf05c20943d72416adba6925f5

  • SSDEEP

    1536:CTW7JJZENTNyoKIKMwTW7JJZENTNyoKIKMr:htE5KIKMtE5KIKA

Targets

    • Renames multiple (4088) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
