Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
-
Size
504KB
-
Sample
221011-ntvxzscgcp
-
MD5
63af7fee2f39d6064aa58cd616f97400
-
SHA1
a82451a52cc6d59acc301c8dbd4f9c30c1884f4e
-
SHA256
49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
-
SHA512
51471996cca503e9523dd084c65ba0c9a431c0dd262ae1d60cb4214343e20bd4acbc7a4e9c8884c692a074113089c8cdaf5e7eedd267f1ebb90699f14a92a14e
-
SSDEEP
12288:LFA01s79ob0Ux+DMzyAtP5Q5xEzCIyVHkZvFZT/jD5m69:nO9oAa9yV5xEzCXVHINZo69
Static task
static1
Behavioral task
behavioral1
Sample
49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
-
Size
504KB
-
MD5
63af7fee2f39d6064aa58cd616f97400
-
SHA1
a82451a52cc6d59acc301c8dbd4f9c30c1884f4e
-
SHA256
49037200d617b69a161b94bed0c609f20e655ca896d695b7de4cc0a5a7236297
-
SHA512
51471996cca503e9523dd084c65ba0c9a431c0dd262ae1d60cb4214343e20bd4acbc7a4e9c8884c692a074113089c8cdaf5e7eedd267f1ebb90699f14a92a14e
-
SSDEEP
12288:LFA01s79ob0Ux+DMzyAtP5Q5xEzCIyVHkZvFZT/jD5m69:nO9oAa9yV5xEzCXVHINZo69
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-