General
Target: fdaf0c004606521918d2dd481ef53c276ae151c0d452e38053b53d80282abd56
Size: 509KB
Sample: 221003-xbvzpsbbc7
MD5: 56e52149b4259610a4d13d8b5d5eebc0
SHA1: 0d5ef726dc70c2042d40eab6fc9a0190277e7b4b
SHA256: fdaf0c004606521918d2dd481ef53c276ae151c0d452e38053b53d80282abd56
SHA512: e3d99ac7f93196eddfd16dd2e321cbd21b2f506c467fbc16467de1172fb8fabc43058542899150d20880a94d4be8c06c203f4e85bd5dca2033773e9e772a8299
SSDEEP: 12288:gbXvc2NgoQLebpdCxYIROscqKHmRMX+X1yEwYQg:2fyqpdMYIqHsMaEEwYQg
Static task: static1

Behavioral task: behavioral1
Sample: fdaf0c004606521918d2dd481ef53c276ae151c0d452e38053b53d80282abd56.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: fdaf0c004606521918d2dd481ef53c276ae151c0d452e38053b53d80282abd56.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10

Modifies visibility of file extensions in Explorer

Executes dropped EXE

Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory