General

  • Target

    7da74b4b5cbf1cb221543d33a528d1cd4268be43d963d7cb67892d58e3a2ee6f

  • Size

    114KB

  • Sample

    241017-xr7cns1ama

  • MD5

    8c9784aca1a5d6eb97f8b6357c46fd4a

  • SHA1

    96b897856eec88b7bd5d717b88d43b0121bc80b5

  • SHA256

    7da74b4b5cbf1cb221543d33a528d1cd4268be43d963d7cb67892d58e3a2ee6f

  • SHA512

    7096fa6d56efd85ef45e13be5445f55e3b5208e1734a1ca878275ab9128e8836a76456e70aa395c18e7326ebdaa95193c4b702337c25f28b26ef3f17f0e39cdb

  • SSDEEP

    3072:3ewxZTT/x8yWIuqa71FYDh3KCqDXX4amOU8GY/a2Ombl1kAKJYBwVs6i474n+F4C:3emJTWyW+/JYdd+F4ud

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (79) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
