Resubmissions

17/03/2025, 15:15

250317-sm4zjasyg1 9

27/01/2025, 19:46

250127-yhdvfatnbr 9

General

  • Target

    1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0

  • Size

    3.0MB

  • Sample

    250127-yhdvfatnbr

  • MD5

    ea128897b942f50524dee89eaa28602e

  • SHA1

    60b79bfdc7e8ff357a95ce0e5d18d7e69ecefedb

  • SHA256

    1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0

  • SHA512

    e0acaf72e50852e708cdbbf936dc884b6c126c0217e41f7125439c15befea7e0c201509bc928381954374f2a6295122fd5614787d9fc5459766f757dcd137a84

  • SSDEEP

    49152:/Q8W7cWu4TqnEU0oMMQZA+Hli8smlmzowBpmKn+2ZlJOtMC2eiCDUSZk8F/gOedr:/Q8ecWTUbrQ7lSawHmCJ+hDUAF/gO497

Malware Config

Targets

    • Target

      1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0

    • Size

      3.0MB

    • MD5

      ea128897b942f50524dee89eaa28602e

    • SHA1

      60b79bfdc7e8ff357a95ce0e5d18d7e69ecefedb

    • SHA256

      1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0

    • SHA512

      e0acaf72e50852e708cdbbf936dc884b6c126c0217e41f7125439c15befea7e0c201509bc928381954374f2a6295122fd5614787d9fc5459766f757dcd137a84

    • SSDEEP

      49152:/Q8W7cWu4TqnEU0oMMQZA+Hli8smlmzowBpmKn+2ZlJOtMC2eiCDUSZk8F/gOedr:/Q8ecWTUbrQ7lSawHmCJ+hDUAF/gO497

    • Renames multiple (1014) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks