General

  • Target

    d080c86d7cdc2077a5ee7af04f8f1551f9cb5c3ddc5ec9e0aebf3000e80f9400

  • Size

    2.1MB

  • Sample

    241016-gasvyszarn

  • MD5

    a046d88f620fb1752cc7b10d640b4036

  • SHA1

    7a92f4bd109b959d8b4d6f16eb6e8e09c7188460

  • SHA256

    d080c86d7cdc2077a5ee7af04f8f1551f9cb5c3ddc5ec9e0aebf3000e80f9400

  • SHA512

    7192628c85bc521bcb6ef427a65e21f03c45f0fb5500f0510560bc7f7ce9c423e8984a734fa6eb9e00a6172fd08d565032fb6ec63b8c0a8f9287db267035444c

  • SSDEEP

    49152:9GzNDS5lSVnqqr9wJI6S7RSSon9X6f4IeY0+h1s410I1xIdcxyNt:SNDS5lSVnq29lFHon9X5Iddq41Lxry

Targets

    • Target

      d080c86d7cdc2077a5ee7af04f8f1551f9cb5c3ddc5ec9e0aebf3000e80f9400

    • Renames multiple (318) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
