General

  • Target: 647e943a54e20c9bc3fbcac095367372d8bafc3df9e1aa79deca02949c4e3aaa
  • Size: 571KB
  • Sample: 241025-2dhvdaxalr
  • MD5: 1f5275604c79fdcdd86c303ac002598b
  • SHA1: a1f2afb44dd4eadf1ce4970150deb5230624e629
  • SHA256: 647e943a54e20c9bc3fbcac095367372d8bafc3df9e1aa79deca02949c4e3aaa
  • SHA512: 245b63fac07f092ca0918b6a15a90075dc50d898dcb942e01371f21b0e43b852a582dd157256cab166d5b4009e58daa733a345bc69542bb9048c3aff2759df3f
  • SSDEEP: 12288:ipZnCFK39041lIAMlXI2kxsQu3yRCXRh/9oE6mnyUSLWc+qWi:2+C900lcX2xsQuhaVmyDCcV

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (89) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks