General
- Target: 068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd
- Size: 147KB
- Sample: 230112-qc385sga56
- MD5: 75256873a03f4a4bc073185f48c1097c
- SHA1: e9023061def67ba21c09826fadc1607fd7f71d88
- SHA256: 068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd
- SHA512: 4b718093ad42d7b7b72498dfcbcfd1b39c980ef44e999b7035e6bfe6b782aad6b7553832f1efee45003d9b0c56bf2e408ca55082c550ac4faa19f199f366dede
- SSDEEP: 3072:s6glyuxE4GsUPnliByocWepvdHFdjFpZ/fgyVF0dj:s6gDBGpvEByocWetdHZ/fgKF0
Static task: static1
Behavioral task: behavioral1
- Sample: 068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd.exe
- Resource: win10v2004-20221111-en
Malware Config
- Extracted: C:\cHpfiXA9s.README.txt
Targets
Score: 10/10
- Executes dropped EXE
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger