General

  • Target

    136045b8a44dc4f07afedc76ce86b9bffc1a33d82fcf87ea5907dee8db52cff2N

  • Size

    4.9MB

  • Sample

    241021-cm1dcavgqj

  • MD5

    1ab5520e9964683de145d144f3956660

  • SHA1

    d092f1837bbe9e5598a971f72ab8d77275573667

  • SHA256

    136045b8a44dc4f07afedc76ce86b9bffc1a33d82fcf87ea5907dee8db52cff2

  • SHA512

    0912e31a346a5a4b18450ed5fa90a652e9b1bca4f97c50bd06a7357e019e07803da9d5581c3dc140b760e68f56ce8fb698ff16c34677a9ddfa422294fea1564e

  • SSDEEP

    49152:9mREqNZcBpeapeApIDn0apLKkLJU9nU2foKhA4vSWidGHp+NDGQUzbpDOfjxAkrh:Ypv/LK3BDhtvS0Hpe4zbpaAKQkroGIC

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
