General
Target: aff17_load_priority_f.exe
Size: 385KB
Sample: 221018-nf9h8afham
MD5: 8c50ab521ac15859a58e67f3f763e9d2
SHA1: 80c15b88d6556fb8462b9a89ee88c38db7b5b3ff
SHA256: 55aa5e191a82d31ff9eb2ac6937895dec35c248cd8b346c50e1ba24e8eaba7b3
SHA512: 2c61b389d75845c14d889cb7977b3d61efc0fda88f3722a602694bac3fe9d63d2f7b439c4a948d20f4a81fe910ea2fb3166d24ae3b989139ebb053e0097481f5
SSDEEP: 3072:QQD/XygRxLw/mxA+PwkvhHB7V4hmszU1akCwVMgTorYkxHXEh8jE63uw7E2m4huP:QArRpw/mxA+ZxB54q/VrkHX2jA+GI3
Static task: static1
Behavioral task: behavioral1
Sample: aff17_load_priority_f.exe
Resource: win10-20220812-en
Behavioral task: behavioral2
Sample: aff17_load_priority_f.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: aff17_load_priority_f.exe
Score: 8/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops desktop.ini file(s)