General
Target: bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369.exe
Size: 205KB
Sample: 230330-1ggk2sec87
MD5: 62e53bc5aa5f2a70a54e328bff51505f
SHA1: e7deceee97a09d539d81eb91f988ece5e2a2ff51
SHA256: bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369
SHA512: a676dd284188271be1760ed1edd3320341713662aba1c615481f256007e614e58756a7b6a565beed777230c2ae829c561e3bf3510921ad6495d3776cfdfaa793
SSDEEP: 6144:+B4mr9NzqHW7V5V9w/UIRZizI1aqebq/lsyp:+B40qHW7nU/pZmiXqy
Behavioral task: behavioral1
Sample: bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: bb5ca9d8de51734dbd14dc081c7c892d819cd14fafd7ccd62849d70f9e679369.exe
Score: 10/10
Chaos Ransomware
Modifies boot configuration data using bcdedit
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Drops desktop.ini file(s)