Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

e6ce1897ec...2b.exe

windows7-x64

10

e6ce1897ec...2b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b

  • Size

    45KB

  • Sample

    230327-h3yscacc37

  • MD5

    0b08569ed102d22ba7c1c8f169f65009

  • SHA1

    47ee1fa9d9d8cbe9b46bd1c235e1588b7ea53dc2

  • SHA256

    e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b

  • SHA512

    c5ab603dada3cb129da4f93483a8119e8bf50494c656669bed9ebf3a158f3132f9948cede40cbcb8cae000d32528ef3434680db92976eaf978e273dfce168dc1

  • SSDEEP

    768:H9tDb7iaMIn7zAEleijtWpIS6ATY+W+ZEn3lFEhuc2cIMKKmxcBAsYcRA:H9tTX

Score
10/10
persistenceransomware

Malware Config

Targets

    • Target

      e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b

    • Size

      45KB

    • MD5

      0b08569ed102d22ba7c1c8f169f65009

    • SHA1

      47ee1fa9d9d8cbe9b46bd1c235e1588b7ea53dc2

    • SHA256

      e6ce1897ece2f6cdd6c60aa4fa268d9cf6e887b2776130ec7c302d75edbb022b

    • SHA512

      c5ab603dada3cb129da4f93483a8119e8bf50494c656669bed9ebf3a158f3132f9948cede40cbcb8cae000d32528ef3434680db92976eaf978e273dfce168dc1

    • SSDEEP

      768:H9tDb7iaMIn7zAEleijtWpIS6ATY+W+ZEn3lFEhuc2cIMKKmxcBAsYcRA:H9tTX

    Score
    10/10
    persistenceransomware

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks