Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

wastlock_15.exe

windows7_x64

10

wastlock_15.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wastlock_15.exe

  • Size

    1.1MB

  • Sample

    200831-5g6hq8r68a

  • MD5

    f67ea8e471e827e4b7b65b65647d1d46

  • SHA1

    e62d3a4fe0da1b1b8e9bcff3148becd6d02bcb07

  • SHA256

    e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb

  • SHA512

    b6b2cc29a5c5247d4a68ec7e7d0080e2f6e460eee98ece85498fe25b044beea8d3e15139bcdbaad744c6fb3e9caff7a127bd4487ba35c191a57883e2b47aecc4

Score
10/10
wastedlockerdiscoveryexploitpersistenceransomware

Malware Config

Targets

    • Target

      wastlock_15.exe

    • Size

      1.1MB

    • MD5

      f67ea8e471e827e4b7b65b65647d1d46

    • SHA1

      e62d3a4fe0da1b1b8e9bcff3148becd6d02bcb07

    • SHA256

      e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb

    • SHA512

      b6b2cc29a5c5247d4a68ec7e7d0080e2f6e460eee98ece85498fe25b044beea8d3e15139bcdbaad744c6fb3e9caff7a127bd4487ba35c191a57883e2b47aecc4

    Score
    10/10
    discoveryexploitransomwarewastedlockerpersistence

    • WastedLocker

      Ransomware family seen in the wild since May 2020.

      ransomwarewastedlocker

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Possible privilege escalation attempt

      exploit

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks