General
Target: 60ef0ca5e6e7d62a7750cfe1c0b08d473cb19a6817a799f035ac56e0d27ce3df.zip
Size: 68KB
Sample: 210610-vhw5g8e9fj
MD5: 108ecdb8e50ca029a3c49100c7d270c4
SHA1: 147be17f110f52421910e378cd6ca2f34395f4d8
SHA256: 3383294e58d3251a4c7be46edf9863c291eef97932a56f0987b0553405d4b608
SHA512: 771c71eb2de1a4d535a8afae640b2f167d717de4460b8b8462a3634fcd0145d1c65d071235c6b600fb349419a47744eea4d2dbca3fe2e96fdebff5d2c506a84b
Static task: static1
Behavioral task: behavioral1
  Sample: d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
  Resource: win10v20210410
Malware Config
Extracted from: C:\MSOCache\All Users\RyukReadMe.html
Family: ryuk
URL: http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion
Targets
Target: d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9
Size: 131KB
MD5: 2cc630e080bb8de5faf9f5ae87f43f8b
SHA1: 5a385b8b4b88b6eb93b771b7fbbe190789ef396a
SHA256: d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9
SHA512: 901939718692e20a969887e64db581d6fed62c99026709c672edb75ebfa35ce02fa68308d70d463afbcc42a46e52ea9f7bc5ed93e5dbf3772d221064d88e11d7
Score: 10/10
Signatures:
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Drops startup file
Modifies file permissions
Drops desktop.ini file(s)
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.