Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3a6d5694eec724726efa3327a50fad3efdc623c08d647b51e51cd578bddda3da.exe
-
Size
624KB
-
Sample
250126-d3m9dssjep
-
MD5
a6980e543efa40771ed1dcf84b29d732
-
SHA1
6586b2155afa5d7cda5cd3f8a7af37c4fe126a1d
-
SHA256
3a6d5694eec724726efa3327a50fad3efdc623c08d647b51e51cd578bddda3da
-
SHA512
d1ca8724c8879442907b7e45b59b954100ada37e036aa17496920a9783eb0738ff51831854acc8cafd805c116bfea47a903270fec74949f10b36eddf971ac06f
-
SSDEEP
12288:/ktG6SXJb0DdQ0k0HGzZbkh0wchQ5HYaIhadnR/t256S5AA2Ltyaxn1gUEEkfTSX:kS9JmVSvGWEAng/qwnYPRslWPLu1
Malware Config
Targets
-
-
Target
3a6d5694eec724726efa3327a50fad3efdc623c08d647b51e51cd578bddda3da.exe
-
Size
624KB
-
MD5
a6980e543efa40771ed1dcf84b29d732
-
SHA1
6586b2155afa5d7cda5cd3f8a7af37c4fe126a1d
-
SHA256
3a6d5694eec724726efa3327a50fad3efdc623c08d647b51e51cd578bddda3da
-
SHA512
d1ca8724c8879442907b7e45b59b954100ada37e036aa17496920a9783eb0738ff51831854acc8cafd805c116bfea47a903270fec74949f10b36eddf971ac06f
-
SSDEEP
12288:/ktG6SXJb0DdQ0k0HGzZbkh0wchQ5HYaIhadnR/t256S5AA2Ltyaxn1gUEEkfTSX:kS9JmVSvGWEAng/qwnYPRslWPLu1
Score10/10-
Medusa Ransomware
Ransomware first identified in 2022 that is distinct from the similarly named ransomware family MedusaLocker.
-
Medusaransomware family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (8832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Network Share Discovery
Attempt to gather information on host network.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Share Discovery
1Peripheral Device Discovery
1Query Registry
1Remote System Discovery
1System Information Discovery
1System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1