Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe
-
Size
238KB
-
Sample
230317-e1c63sec24
-
MD5
80588ef251b3ebaa3da89fece7dd9743
-
SHA1
8e9cadf5793282e9c3127b0c6de07960fe087711
-
SHA256
f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8
-
SHA512
c0a3c0838fb06584abf877d60a483577ce3a3f9af99d8028662f507c6b7f2c9545b5462072cc2ba72a699b047fc107396df7f3ceae209ee72c2b987506ad6b1f
-
SSDEEP
3072:NoMYir9nL9z3+wdSe1WcBRjpW5VFMNBDf5qIS/QWqGiUEJhREVUAISsdWBYf7DSc:1r9nLhxhdsVFGEeRJk8nrKfQC
Behavioral task
behavioral1
Sample
2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
2023-03-16_80588ef251b3ebaa3da89fece7dd9743_wannacry.exe
-
Size
238KB
-
MD5
80588ef251b3ebaa3da89fece7dd9743
-
SHA1
8e9cadf5793282e9c3127b0c6de07960fe087711
-
SHA256
f4a5aa80ca26fec66638d8d42d54bf261580b8a2d6a664cf74dd47028bfe20a8
-
SHA512
c0a3c0838fb06584abf877d60a483577ce3a3f9af99d8028662f507c6b7f2c9545b5462072cc2ba72a699b047fc107396df7f3ceae209ee72c2b987506ad6b1f
-
SSDEEP
3072:NoMYir9nL9z3+wdSe1WcBRjpW5VFMNBDf5qIS/QWqGiUEJhREVUAISsdWBYf7DSc:1r9nLhxhdsVFGEeRJk8nrKfQC
Score10/10-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-