Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

4c49d75b4a...44.exe

windows7-x64

10

4c49d75b4a...44.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c49d75b4a0e0556742d45a1d3bade40f0e43bce7f9b2f1449845a27819e1b44.zip

  • Size

    390KB

  • Sample

    221027-m51f6sbhd9

  • MD5

    ef9f45845f30e4b083eb9e4aca118410

  • SHA1

    ff0512c8471381d940de2789c37fcce5a4ad42da

  • SHA256

    4bca676ffaa2cb5efc21e0de18a6fae4199b8d5ccc77c16a7bd47ce01c05c67c

  • SHA512

    259909c5eca6dce0306b162c02992c9db2a2f62575a0fc8e7a5dfb340206920c5ef02d79d2f160b98698cf5b835717c6bde17ffa24e272bd0c12859d29ef7793

  • SSDEEP

    6144:05YMPOXL7FhMyp5C+FtD+wvHV9MwNBP78iYumSEhY5GvMDRjCEfa8TBi:05Yx70qCEvHV9V+yljVCEfa

Score
10/10
ransomware

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://art-cure.com/upload/ls-sky.exe

Targets

    • Target

      4c49d75b4a0e0556742d45a1d3bade40f0e43bce7f9b2f1449845a27819e1b44.exe

    • Size

      1.3MB

    • MD5

      1413f3a72c00016297bc8744b5810673

    • SHA1

      2e94c7d72488dec9a4e69eb8939129ec1ab8857a

    • SHA256

      4c49d75b4a0e0556742d45a1d3bade40f0e43bce7f9b2f1449845a27819e1b44

    • SHA512

      d21f1f893575039c33614c79725ccd5d1afbb9fd4eb7a2267280188b8cf426f3ed65b3d92688965cda422cf382e632c40d941109fa1da33b49b4e1e0400c3391

    • SSDEEP

      24576:pC4ob9SyKiqD3UIGTMoJamOGRnC9CuQ5O3h3WMtbY:wWiqwI8h3MtbY

    Score
    10/10
    ransomware

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks