chaos | f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2023-03-16...ry.exe

windows7-x64

2023-03-16...ry.exe

windows10-2004-x64

Sharing

General

Target

2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe
Size

238KB
Sample

230317-e1c63sec24
MD5

80588ef251b3ebaa3da89fece7dd9743
SHA1

8e9cadf5793282e9c3127b0c6de07960fe087711
SHA256

f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8
SHA512

c0a3c0838fb06584abf877d60a483577ce3a3f9af99d8028662f507c6b7f2c9545b5462072cc2ba72a699b047fc107396df7f3ceae209ee72c2b987506ad6b1f
SSDEEP

3072:NoMYir9nL9z3+wdSe1WcBRjpW5VFMNBDf5qIS/QWqGiUEJhREVUAISsdWBYf7DSc:1r9nLhxhdsVFGEeRJk8nrKfQC

Score

10^/10

chaos evasion ransomware spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe

Resource

win7-20230220-en

chaos evasion ransomware spyware stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe

Resource

win10v2004-20230221-en

chaos evasion ransomware spyware stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe
- Size
  
  238KB
- MD5
  
  80588ef251b3ebaa3da89fece7dd9743
- SHA1
  
  8e9cadf5793282e9c3127b0c6de07960fe087711
- SHA256
  
  f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8
- SHA512
  
  c0a3c0838fb06584abf877d60a483577ce3a3f9af99d8028662f507c6b7f2c9545b5462072cc2ba72a699b047fc107396df7f3ceae209ee72c2b987506ad6b1f
- SSDEEP
  
  3072:NoMYir9nL9z3+wdSe1WcBRjpW5VFMNBDf5qIS/QWqGiUEJhREVUAISsdWBYf7DSc:1r9nLhxhdsVFGEeRJk8nrKfQC
Score

10^/10

chaos evasion ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

chaosevasionransomwarespywarestealer

behavioral2

chaosevasionransomwarespywarestealer

© 2018-2025

Terms | Privacy