Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
HEUR-Trojan.MSIL.Agent.gen-fffc3cd304a280746276a3fa580a08f3de6aa2db4196c28ebd1c905607de0997.exe
-
Size
555KB
-
Sample
220924-lm7l4aahh5
-
MD5
2102422fdf58e1f1ea628e864576f437
-
SHA1
a071690fa220c12e9b5fa85e70dc3e7c42b30893
-
SHA256
fffc3cd304a280746276a3fa580a08f3de6aa2db4196c28ebd1c905607de0997
-
SHA512
9894a54a6c85ce3e087ef6f2a6da1a5744d71667eaa8f17d23985e15c39a425cfe53f838875573e828170ce6d3756618c4b293e3d81dfc7a7a5570daf2c0c2b6
-
SSDEEP
12288:gfp3lxis8EdrQso5hnyRIAPQJno5hnyRIAQg:gfp36sN5snUPjnUQg
Malware Config
Targets
-
-
Target
HEUR-Trojan.MSIL.Agent.gen-fffc3cd304a280746276a3fa580a08f3de6aa2db4196c28ebd1c905607de0997.exe
-
Size
555KB
-
MD5
2102422fdf58e1f1ea628e864576f437
-
SHA1
a071690fa220c12e9b5fa85e70dc3e7c42b30893
-
SHA256
fffc3cd304a280746276a3fa580a08f3de6aa2db4196c28ebd1c905607de0997
-
SHA512
9894a54a6c85ce3e087ef6f2a6da1a5744d71667eaa8f17d23985e15c39a425cfe53f838875573e828170ce6d3756618c4b293e3d81dfc7a7a5570daf2c0c2b6
-
SSDEEP
12288:gfp3lxis8EdrQso5hnyRIAPQJno5hnyRIAQg:gfp36sN5snUPjnUQg
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Clears Windows event logs
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Windows security modification
-
Drops file in System32 directory
-