Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe

  • Size

    238KB

  • Sample

    230317-e1c63sec24

  • MD5

    80588ef251b3ebaa3da89fece7dd9743

  • SHA1

    8e9cadf5793282e9c3127b0c6de07960fe087711

  • SHA256

    f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8

  • SHA512

    c0a3c0838fb06584abf877d60a483577ce3a3f9af99d8028662f507c6b7f2c9545b5462072cc2ba72a699b047fc107396df7f3ceae209ee72c2b987506ad6b1f

  • SSDEEP

    3072:NoMYir9nL9z3+wdSe1WcBRjpW5VFMNBDf5qIS/QWqGiUEJhREVUAISsdWBYf7DSc:1r9nLhxhdsVFGEeRJk8nrKfQC

Malware Config

Targets

    • Target

      2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe

    • Size

      238KB

    • MD5

      80588ef251b3ebaa3da89fece7dd9743

    • SHA1

      8e9cadf5793282e9c3127b0c6de07960fe087711

    • SHA256

      f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8

    • SHA512

      c0a3c0838fb06584abf877d60a483577ce3a3f9af99d8028662f507c6b7f2c9545b5462072cc2ba72a699b047fc107396df7f3ceae209ee72c2b987506ad6b1f

    • SSDEEP

      3072:NoMYir9nL9z3+wdSe1WcBRjpW5VFMNBDf5qIS/QWqGiUEJhREVUAISsdWBYf7DSc:1r9nLhxhdsVFGEeRJk8nrKfQC

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.