General

  • Target

    9fddf73c95e355273e5b2b00f1c668d8076627415d5c28fc9817919b3c096021

  • Size

    205KB

  • Sample

    241016-cbazba1dqq

  • MD5

    3c7c257e9ce558165c72b6b2ac16122f

  • SHA1

    89bab82778f7b43f2b1aca09b8992a20dd57b2e7

  • SHA256

    9fddf73c95e355273e5b2b00f1c668d8076627415d5c28fc9817919b3c096021

  • SHA512

    8275a23fd9e2b98681ff01b30429650ab17e084747d3165d03d2f98039a297ba4f8430a8f198331fa5674c025ac91095b89155c81c465b0d3a68b1bd2746c13f

  • SSDEEP

    6144:kj46aNOd8CseKuNhGQ10QpVRnr8CH7TAnKrIN2l0+VeYTvSM:Y46a08CseKuNht10QXRnr8CH7TAyIBcl

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (59) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
