General

  • Target

    34bbcb742885d412f02ea9243db181e00446beee94228835bb7f9c8c321943deN

  • Size

    565KB

  • Sample

    241020-yg7fcsydln

  • MD5

    2542c503d7a79640dc8f294e1b230c10

  • SHA1

    bab6ada0d869abcba56a0fdc00a919d47431c078

  • SHA256

    34bbcb742885d412f02ea9243db181e00446beee94228835bb7f9c8c321943de

  • SHA512

    da59ed0d9bbded91741a6ec8c2c4f9ee9da6862060fa3fefab08eff11082b847ecbacd8639870e05fe6e52123da77e50f0c7174e9602eb142b9121f036d6a168

  • SSDEEP

    12288:hbruZmkaDsrM+3s3S5hhrNoptupEPCKLYZ6X0hil1cAGfreDx+:hWmBDsrMQUSPX4tsOVLYZ6X0hiPcAGzq

Malware Config

Targets

    • Target

      34bbcb742885d412f02ea9243db181e00446beee94228835bb7f9c8c321943deN

    • Size

      565KB

    • MD5

      2542c503d7a79640dc8f294e1b230c10

    • SHA1

      bab6ada0d869abcba56a0fdc00a919d47431c078

    • SHA256

      34bbcb742885d412f02ea9243db181e00446beee94228835bb7f9c8c321943de

    • SHA512

      da59ed0d9bbded91741a6ec8c2c4f9ee9da6862060fa3fefab08eff11082b847ecbacd8639870e05fe6e52123da77e50f0c7174e9602eb142b9121f036d6a168

    • SSDEEP

      12288:hbruZmkaDsrM+3s3S5hhrNoptupEPCKLYZ6X0hil1cAGfreDx+:hWmBDsrMQUSPX4tsOVLYZ6X0hiPcAGzq

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (90) files with added filename extension

      This suggests ransomware activity: the files across the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks