General

  • Target

    2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe

  • Size

    238KB

  • Sample

    230317-e1c63sec24

  • MD5

    80588ef251b3ebaa3da89fece7dd9743

  • SHA1

    8e9cadf5793282e9c3127b0c6de07960fe087711

  • SHA256

    f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8

  • SHA512

    c0a3c0838fb06584abf877d60a483577ce3a3f9af99d8028662f507c6b7f2c9545b5462072cc2ba72a699b047fc107396df7f3ceae209ee72c2b987506ad6b1f

  • SSDEEP

    3072:NoMYir9nL9z3+wdSe1WcBRjpW5VFMNBDf5qIS/QWqGiUEJhREVUAISsdWBYf7DSc:1r9nLhxhdsVFGEeRJk8nrKfQC

Targets

    • Target

      2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
