General

  • Target: ed12976c1d2d586dc8d84a82a3b25b87ee6cbb340465d25798b9e741058ae9abN
  • Size: 4.3MB
  • Sample: 241020-ystzeazajk
  • MD5: 8c776ea2aec3c9b704da3acb137cd820
  • SHA1: 986fa7cc6406588ba48e19cf58bc9c1ff90f2ce6
  • SHA256: ed12976c1d2d586dc8d84a82a3b25b87ee6cbb340465d25798b9e741058ae9ab
  • SHA512: 7e1b1a93d2adf79d3e16d2533fb7ee0902db7a66ff688226d4ad2e9a475d9d4dfb3124b5c2cc711de6a4f63d81394de0681b2201e07cc0e9cbf964ab5ca8f532
  • SSDEEP: 98304:TB/TgodszzcYMmAfWfEUAKvZ1Xn3t3n5Owwr549ifw:d/Tg5zdU7CH3t35wr54k

Targets


    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (55) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Adds Run key to start application

    • Drops file in System32 directory
