General

  • Target

    3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871faN

  • Size

    4.9MB

  • Sample

    241021-c1ry5awcqm

  • MD5

    577e39ec86dc40ba5b4d5f2f72cc86b0

  • SHA1

    478ffeae8689f1bc11dc5e93be201a671b7432db

  • SHA256

    3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871fa

  • SHA512

    0fed7ef6faf0fd6ee905356b0faad4fe3a3bc490edac2fdca6b822902be102e70894c65ef88707c0849b54d73e2c0c6ab49cfc4395124c38a894fb0e00ef6033

  • SSDEEP

    49152:9bKpDOfjxAkrQKl+RPAFI1l42m+AIGvyRCgZT63MCELe:0paAKQkroGIC

Targets

    • Target

      3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871faN

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
