
General

  • Target: 17d2af1d49eab3e30a2d0177678f0b2bbddae0f7ce7707fbf7206e0eb919cfd7

  • Size: 1.3MB

  • Sample: 241020-xxx17axcqp

  • MD5: 8d799561f8d720d077b883d8250bbc35

  • SHA1: df98fc43ed1b1df4eb6f48c82312a3a920be6611

  • SHA256: 17d2af1d49eab3e30a2d0177678f0b2bbddae0f7ce7707fbf7206e0eb919cfd7

  • SHA512: 5ba2e5013f64e695672c9d253ad656bf52fc228dc2fe626be140cd719bf7bac2b85434c1a7f5fa7f18792a8b1e144aaf326abf743b6e5097b7d396204055a9c0

  • SSDEEP: 24576:ql7RU/8Z7AVrn5QJXnAg9o9ty31Hebz6BoXDQNK5O8B3wMxWO+e0epkL:qlFUQMVrnylWtyF+/6BIUE5lB3wfuS

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (63) files with an added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks