General
Target: 2023-05-08_ffdefa247d3bb4429558e8b334f4f2ae_wannacry.exe
Size: 341KB
Sample: 230509-drhjrseb25
MD5: ffdefa247d3bb4429558e8b334f4f2ae
SHA1: af9f3af31889b55552a5721244184d0a115be74c
SHA256: 542c157186bae766dd3e2df424e9c25251d71086b99cc9df121bc9bf50462688
SHA512: 0f4b5534179a690bbaa5333fbf4b11e881d2b60c37f3ade95ebf6b481bbf58b76a17bf4945883babadd8b5b9681c4710ddb2ab4380cd27cf73430e8609d0b9d7
SSDEEP: 6144:Drbwc9N+fwvDIK9LpXXXXXXXXXXXXXXXXQGuFFM5:dWwbLpXXXXXXXXXXXXXXXX5uw5
Behavioral task: behavioral1
Sample: 2023-05-08_ffdefa247d3bb4429558e8b334f4f2ae_wannacry.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 2023-05-08_ffdefa247d3bb4429558e8b334f4f2ae_wannacry.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
chaos
Targets
Target: 2023-05-08_ffdefa247d3bb4429558e8b334f4f2ae_wannacry.exe
Score: 10/10
Chaos Ransomware
Modifies boot configuration data using bcdedit
Disables Task Manager via registry modification
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Drops desktop.ini file(s)
Sets desktop wallpaper using registry