Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f
-
Size
542KB
-
Sample
221030-cktssahbdq
-
MD5
8474d3bfa94cf0503791e95995d5ed90
-
SHA1
c6f2268051897fc2d870001f1a9cc07ebfa14a59
-
SHA256
e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f
-
SHA512
969f212c08a6688082505b6c7b85ccbff07737ff89f767f7c587e2f4db9ba009fc9c1d67b8c8fa35826cede1791d338f8c9d69c32793cb203cf8aa70c8f17fa4
-
SSDEEP
12288:a5ZPbEtyeBMBukT+68lEeQOX/Y6TP6oC1Y0+J52IiyXTNug4ZmZTHRvHws8qaZEP:a5ZQtXBW7y3lTNvYaMKfn2FugDAFVHww
Static task
static1
Behavioral task
behavioral1
Sample
e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f
-
Size
542KB
-
MD5
8474d3bfa94cf0503791e95995d5ed90
-
SHA1
c6f2268051897fc2d870001f1a9cc07ebfa14a59
-
SHA256
e0503657edff47af6c9bb45750bf8ce22e30119ccee49b99636267342ce4756f
-
SHA512
969f212c08a6688082505b6c7b85ccbff07737ff89f767f7c587e2f4db9ba009fc9c1d67b8c8fa35826cede1791d338f8c9d69c32793cb203cf8aa70c8f17fa4
-
SSDEEP
12288:a5ZPbEtyeBMBukT+68lEeQOX/Y6TP6oC1Y0+J52IiyXTNug4ZmZTHRvHws8qaZEP:a5ZQtXBW7y3lTNvYaMKfn2FugDAFVHww
Score10/10-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-