General

  • Target

    2023-04-25_88a230528b06c525c64b27905aef17df_ryuk

  • Size

    3.0MB

  • Sample

    230426-efmvsaeh68

  • MD5

    88a230528b06c525c64b27905aef17df

  • SHA1

    d69533af59e863787f0e914bb62c713ea3db90af

  • SHA256

    0dfa5754bd91b3605504f8cf49d498d0e3b7ea5d0c3af20bd94eb33d6704626d

  • SHA512

    a119918d2adcaa80700ddf2fd79d421e2c21c1a881ab1c3bd1081b602e9d97a22b73b92a0b7ad54f0c76f50727adb0a2fc9644e224b4ce2d42c6110539e814b9

  • SSDEEP

    24576:eEtl9mRda12sX7hKB8NIyXbacAfPNRdpkhtIShJVVTyJNPtx:9Es1RMB8NIMIXDCjVyT

Score
10/10

Targets

    • Target

      2023-04-25_88a230528b06c525c64b27905aef17df_ryuk

    Score
    10/10
    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
