Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

aff17_load..._f.exe

windows10-1703-x64

8

aff17_load..._f.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aff17_load_priority_f.exe

  • Size

    385KB

  • Sample

    221018-nf9h8afham

  • MD5

    8c50ab521ac15859a58e67f3f763e9d2

  • SHA1

    80c15b88d6556fb8462b9a89ee88c38db7b5b3ff

  • SHA256

    55aa5e191a82d31ff9eb2ac6937895dec35c248cd8b346c50e1ba24e8eaba7b3

  • SHA512

    2c61b389d75845c14d889cb7977b3d61efc0fda88f3722a602694bac3fe9d63d2f7b439c4a948d20f4a81fe910ea2fb3166d24ae3b989139ebb053e0097481f5

  • SSDEEP

    3072:QQD/XygRxLw/mxA+PwkvhHB7V4hmszU1akCwVMgTorYkxHXEh8jE63uw7E2m4huP:QArRpw/mxA+ZxB54q/VrkHX2jA+GI3

Score
8/10
ransomware

Malware Config

Targets

    • Target

      aff17_load_priority_f.exe

    • Size

      385KB

    • MD5

      8c50ab521ac15859a58e67f3f763e9d2

    • SHA1

      80c15b88d6556fb8462b9a89ee88c38db7b5b3ff

    • SHA256

      55aa5e191a82d31ff9eb2ac6937895dec35c248cd8b346c50e1ba24e8eaba7b3

    • SHA512

      2c61b389d75845c14d889cb7977b3d61efc0fda88f3722a602694bac3fe9d63d2f7b439c4a948d20f4a81fe910ea2fb3166d24ae3b989139ebb053e0097481f5

    • SSDEEP

      3072:QQD/XygRxLw/mxA+PwkvhHB7V4hmszU1akCwVMgTorYkxHXEh8jE63uw7E2m4huP:QArRpw/mxA+ZxB54q/VrkHX2jA+GI3

    Score
    8/10
    ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks