General
- Target: 17d2af1d49eab3e30a2d0177678f0b2bbddae0f7ce7707fbf7206e0eb919cfd7
- Size: 1.3MB
- Sample: 241020-xv5cgsvglb
- MD5: 8d799561f8d720d077b883d8250bbc35
- SHA1: df98fc43ed1b1df4eb6f48c82312a3a920be6611
- SHA256: 17d2af1d49eab3e30a2d0177678f0b2bbddae0f7ce7707fbf7206e0eb919cfd7
- SHA512: 5ba2e5013f64e695672c9d253ad656bf52fc228dc2fe626be140cd719bf7bac2b85434c1a7f5fa7f18792a8b1e144aaf326abf743b6e5097b7d396204055a9c0
- SSDEEP: 24576:ql7RU/8Z7AVrn5QJXnAg9o9ty31Hebz6BoXDQNK5O8B3wMxWO+e0epkL:qlFUQMVrnylWtyF+/6BIUE5lB3wfuS
Static task
- static1
Behavioral task
- behavioral1: Sample 17d2af1d49eab3e30a2d0177678f0b2bbddae0f7ce7707fbf7206e0eb919cfd7.exe, Resource win7-20240903-en
Behavioral task
- behavioral2: Sample 17d2af1d49eab3e30a2d0177678f0b2bbddae0f7ce7707fbf7206e0eb919cfd7.exe, Resource win10v2004-20241007-en
Malware Config
Targets
- Modifies visibility of file extensions in Explorer
- Renames multiple (61) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (4)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)