Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0
-
Size
3.0MB
-
Sample
250127-yhdvfatnbr
-
MD5
ea128897b942f50524dee89eaa28602e
-
SHA1
60b79bfdc7e8ff357a95ce0e5d18d7e69ecefedb
-
SHA256
1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0
-
SHA512
e0acaf72e50852e708cdbbf936dc884b6c126c0217e41f7125439c15befea7e0c201509bc928381954374f2a6295122fd5614787d9fc5459766f757dcd137a84
-
SSDEEP
49152:/Q8W7cWu4TqnEU0oMMQZA+Hli8smlmzowBpmKn+2ZlJOtMC2eiCDUSZk8F/gOedr:/Q8ecWTUbrQ7lSawHmCJ+hDUAF/gO497
Malware Config
Targets
-
-
Target
1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0
-
Size
3.0MB
-
MD5
ea128897b942f50524dee89eaa28602e
-
SHA1
60b79bfdc7e8ff357a95ce0e5d18d7e69ecefedb
-
SHA256
1f7e3eed1b7c423c8d00cc0ae76d4eba6cd98bd7cd12c81e9468414c13dd31e0
-
SHA512
e0acaf72e50852e708cdbbf936dc884b6c126c0217e41f7125439c15befea7e0c201509bc928381954374f2a6295122fd5614787d9fc5459766f757dcd137a84
-
SSDEEP
49152:/Q8W7cWu4TqnEU0oMMQZA+Hli8smlmzowBpmKn+2ZlJOtMC2eiCDUSZk8F/gOedr:/Q8ecWTUbrQ7lSawHmCJ+hDUAF/gO497
Score9/10-
Renames multiple (1014) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-