General
- Target: Annabelle By TGet!.zip
- Size: 15.6MB
- Sample: 221202-ymyqeahc59
- MD5: 3d62b32baa97635046b29d94720ca502
- SHA1: 5c451e42bf2ae1696e385ca3db69456b595420e2
- SHA256: cbac3e598d3493c1736f3abc684d4735ad290b6ede81d50e4944c727b77d93d0
- SHA512: 60a6d3ba23acadffcefee190040c02af26da9b61ac380d4e147e474c91862edeb000fc97c0837a185809b0b6752dd67c2f0906e9d98103e31721bab3fee51d57
- SSDEEP: 393216:Cx9OULg05a1C5GKChb1ujulybBjhrcbkizGw2m:q9OULnkC5ihwSyNhrRizf
Static task
- static1

Behavioral task
- behavioral1
  Sample: Annabelle.exe
  Resource: win7-20220812-en

Behavioral task
- behavioral2
  Sample: Annabelle.exe
  Resource: win10v2004-20220812-en
Malware Config

Targets
- Target: Annabelle.bin
  - Size: 15.9MB
  - MD5: 0f743287c9911b4b1c726c7c7edcaf7d
  - SHA1: 9760579e73095455fcbaddfe1e7e98a2bb28bfe0
  - SHA256: 716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
  - SHA512: 2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677
  - SSDEEP: 393216:UMwm0qBknxdEX+LbMUgoSZmWSmh4aaRN22ChHCMNku1y:UMcKX+Lbjgd7W1RNVC9ku1
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables use of System Restore points
- Modifies Windows Firewall
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
MITRE ATT&CK Enterprise v6

Persistence
- Modify Existing Service: 2
- Registry Run Keys / Startup Folder: 2
- Winlogon Helper DLL: 1

Defense Evasion
- Bypass User Account Control: 1
- Disabling Security Tools: 2
- File Deletion: 2
- Modify Registry: 6