General

  • Target

    Annabelle By TGet!.zip

  • Size

    15.6MB

  • Sample

    221202-ymyqeahc59

  • MD5

    3d62b32baa97635046b29d94720ca502

  • SHA1

    5c451e42bf2ae1696e385ca3db69456b595420e2

  • SHA256

    cbac3e598d3493c1736f3abc684d4735ad290b6ede81d50e4944c727b77d93d0

  • SHA512

    60a6d3ba23acadffcefee190040c02af26da9b61ac380d4e147e474c91862edeb000fc97c0837a185809b0b6752dd67c2f0906e9d98103e31721bab3fee51d57

  • SSDEEP

    393216:Cx9OULg05a1C5GKChb1ujulybBjhrcbkizGw2m:q9OULnkC5ihwSyNhrRizf

Targets

    • Target

      Annabelle.bin

    • Size

      15.9MB

    • MD5

      0f743287c9911b4b1c726c7c7edcaf7d

    • SHA1

      9760579e73095455fcbaddfe1e7e98a2bb28bfe0

    • SHA256

      716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac

    • SHA512

      2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

    • SSDEEP

      393216:UMwm0qBknxdEX+LbMUgoSZmWSmh4aaRN22ChHCMNku1y:UMcKX+Lbjgd7W1RNVC9ku1

    • Modifies WinLogon for persistence

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Sets file execution options in registry

    • Checks computer location settings

      Reads the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Checks whether UAC is enabled
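
The signatures above describe registry and system changes that can be checked for directly on a suspect host. The following read-only PowerShell triage script is an added example; it is not part of the Triage report and is not code from the sample or from Triage. The registry paths are the standard Windows locations for Winlogon, Defender policy, Explorer policy, System Restore policy, IFEO, Run keys and UAC; the helper `Add-RegFinding` and the "clean" reference values it compares against (explorer.exe, userinit.exe, EnableLUA = 1) are assumptions based on Windows defaults, not taken from the report. Run it from an elevated session on the host being examined.

```powershell
# Added host-triage example (not from the Triage report or the sample).
# Read-only: inspects the registry and system state a responder would check for
# the behaviours flagged in the report. "Clean" reference values below are
# assumptions based on Windows defaults, not on the report.

$findings = New-Object 'System.Collections.Generic.List[string]'

function Add-RegFinding {
    # Record each named registry value that exists under $Path, tagged with $Label.
    param([string]$Path, [string[]]$Names, [string]$Label)
    if (-not (Test-Path $Path)) { return }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($n in $Names) {
        if ($null -ne $item -and $null -ne $item.$n) {
            $findings.Add("[$Label] $Path\$n = $($item.$n)")
        }
    }
}

# 1. Winlogon persistence: Shell and Userinit default to explorer.exe and userinit.exe
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -ne 'explorer.exe') { $findings.Add("[Winlogon] Shell = $($wl.Shell)") }
if ($wl.Userinit -notmatch '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$') {
    $findings.Add("[Winlogon] Userinit = $($wl.Userinit)")
}

# 2. Defender real-time protection switched off through policy keys
Add-RegFinding 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' `
    @('DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
      'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable') 'Defender RTP'
Add-RegFinding 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' @('DisableAntiSpyware') 'Defender'

# 3. RegEdit / Task Manager disabled via Explorer policy (per-user and machine-wide)
foreach ($hive in 'HKCU', 'HKLM') {
    Add-RegFinding "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" `
        @('DisableRegistryTools', 'DisableTaskMgr') 'Tools disabled'
}

# 4. System Restore disabled by policy
Add-RegFinding 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' `
    @('DisableSR', 'DisableConfig') 'System Restore'

# 5. Image File Execution Options: a Debugger value silently redirects the named executable
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add("[IFEO] $($_.PSChildName) Debugger = $dbg") }
}

# 6. UAC state: EnableLUA defaults to 1; 0 means UAC is off entirely
$sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($sys.EnableLUA -ne 1) { $findings.Add("[UAC] EnableLUA = $($sys.EnableLUA)") }

# 7. Run keys: list every entry for review (legitimate software also lives here)
foreach ($rk in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (Test-Path $rk) {
        (Get-ItemProperty -Path $rk).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { $findings.Add("[Run key, review] $rk\$($_.Name) = $($_.Value)") }
    }
}

# 8. Shadow copies: none present is consistent with deletion (or with none ever being taken)
$vss = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
if ($vss.Count -eq 0) { $findings.Add('[VSS] no shadow copies present') }

# 9. Firewall profiles that have been switched off
Get-NetFirewallProfile -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'False' } |
    ForEach-Object { $findings.Add("[Firewall] profile $($_.Name) disabled") }

if ($findings.Count -eq 0) { Write-Output 'No matching artefacts found.' }
else { $findings | ForEach-Object { Write-Output $_ } }
```

Treat the output as leads, not verdicts: Run-key entries and a missing shadow copy set are common on clean machines, while a non-default Winlogon Shell, an IFEO Debugger on a system binary, or EnableLUA set to 0 warrant immediate follow-up. For offline analysis, load the SOFTWARE and NTUSER.DAT hives from a forensic image and substitute their mount points for the HKLM/HKCU paths.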
