Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
24/02/2025, 18:33
250224-w68zdaxpv9 1029/10/2024, 18:04
241029-wn4a6sxfjg 1002/08/2024, 05:04
240802-fqpmssxdpl 9Analysis
-
max time kernel
15s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
24/02/2025, 18:33
Static task
static1
Behavioral task
behavioral1
Sample
QHAccount.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
QHAccount.exe
Resource
win10v2004-20250217-en
General
-
Target
QHAccount.exe
-
Size
2.1MB
-
MD5
57ebf50902949e13220b379c136db8a7
-
SHA1
75d55564986c8fb2d24c2f467e9c0cd2196a2055
-
SHA256
2adcf43d221de2f72ba5088dac3a3193219412882df711d095f04e3f5b40767c
-
SHA512
77d90317289a247c1bda59e378b9073cf2c1a8d30763bd68c33b8a256f1dc2edb1f380dafd1572a2f762a4400f15d52c9375d4314c07faa3f78ee7011508de33
-
SSDEEP
49152:6VkETZV9OLiWLunGxHqsEbtNPDLzA7YzminZ:VETAi4EgHqsEpFL
Malware Config
Signatures
-
BlackSuit
A ransomware first detected in May 2023 linked to the Conti group.
-
Blacksuit_windows family
-
Detects the Windows variant of BlackSuit Ransomware 2 IoCs
resource yara_rule behavioral1/memory/2296-2-0x0000000000320000-0x0000000000379000-memory.dmp family_blacksuit_windows behavioral1/memory/2296-1-0x0000000000320000-0x0000000000379000-memory.dmp family_blacksuit_windows -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language QHAccount.exe