Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e
-
Size
127KB
-
Sample
220210-ybmtrsagdp
-
MD5
c731cbf04c68430f31ff0ab1b0b1f054
-
SHA1
f3c14e25584475f01f417e3ec45474aa8de4400d
-
SHA256
98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e
-
SHA512
1f188fa26c4554f4c3fdb73ea7c105b76a354f6444f4977eee5fc0b31df9b880118e912bb86bdf93874c55b081713ae51b32115ab600bdeda0ec62e61f3b7b61
Static task
static1
Behavioral task
behavioral1
Sample
98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
C:\Users\Admin\RECOVERY INFORMATION.txt
Extracted
C:\Program Files\RECOVERY INFORMATION.txt
Targets
-
-
Target
98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e
-
Size
127KB
-
MD5
c731cbf04c68430f31ff0ab1b0b1f054
-
SHA1
f3c14e25584475f01f417e3ec45474aa8de4400d
-
SHA256
98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e
-
SHA512
1f188fa26c4554f4c3fdb73ea7c105b76a354f6444f4977eee5fc0b31df9b880118e912bb86bdf93874c55b081713ae51b32115ab600bdeda0ec62e61f3b7b61
Score10/10-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-