Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

RenderGrap...in.exe

windows7_x64

10

RenderGrap...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RenderGraphics.bin

  • Size

    1006KB

  • Sample

    210218-rkjkj6klle

  • MD5

    46a1769d81d7dcda455f0f05b9b29648

  • SHA1

    4d56dffea9d04ee8ed174f1b3328675daf4be7b1

  • SHA256

    9e4f1334d3712298cb3d18e38cd954c893c890d09ad457683c8d7956a9bdb635

  • SHA512

    8c8ed91b996f84807be1337fe770db4eadd0a7da00fe0545f6de86bd577054dc9a3df22cd81e25ffb4f1ea3e7642409ff9e01a57c582abb099719b069c9fc193

Score
10/10
evasionransomwarespywaretrojanupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cdn-35.anonfiles.com/9821W1G5p3/8a0b1f8a-1613613819/gameover.exe

Targets

    • Target

      RenderGraphics.bin

    • Size

      1006KB

    • MD5

      46a1769d81d7dcda455f0f05b9b29648

    • SHA1

      4d56dffea9d04ee8ed174f1b3328675daf4be7b1

    • SHA256

      9e4f1334d3712298cb3d18e38cd954c893c890d09ad457683c8d7956a9bdb635

    • SHA512

      8c8ed91b996f84807be1337fe770db4eadd0a7da00fe0545f6de86bd577054dc9a3df22cd81e25ffb4f1ea3e7642409ff9e01a57c582abb099719b069c9fc193

    Score
    10/10
    evasionransomwarespywaretrojanupx

    • UAC bypass

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Blocklisted process makes network request

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks