General
- Target: ghj.exe
- Size: 66KB
- Sample: 230212-st2sraeh36
- MD5: e6a1a7e9749c2e730a115db0d2322e0f
- SHA1: 8dcaa44b6cb950507f953ebd8046f1c01ada02bf
- SHA256: 0ff1a35e3ee55f9eb7523aa75999adf1208ffda8e318b411d00f81ae7db6d2e8
- SHA512: b5a8f515feaf26145a4ded31285f936934b1748f431aae66b4f03d94f6e58547c717ba46029c6eec2cbd67f6f4fb188e1f74407a1f115ce46088c492aab3751d
- SSDEEP: 1536:vASM0a6LpfCejYAZQEdZbGYBuP7oCFo16AfG3OBf/Cs/LY:vASM0a6NfC/AZDdZbGYtrJfG3OBf/Y
Static task: static1
Behavioral task: behavioral1
- Sample: ghj.exe
- Resource: win10-20220901-en
Malware Config
Targets
- Target: ghj.exe
Score: 10/10
- Modifies Installed Components in the registry
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry