Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2023-05-12_bffd46a9c588683c66b6f4c0dba865c7_destroyer_wannacry
-
Size
22KB
-
Sample
230513-dh66rshe6x
-
MD5
bffd46a9c588683c66b6f4c0dba865c7
-
SHA1
ac4eb4cdc14f374935a8cd72976da47bd941dbb1
-
SHA256
0b716abe15b17a114c2f12fab954c861f82165bb0868f863cfb8dc634f76be7f
-
SHA512
bf2bdd9dc55d548e4b0c0e381095a405e4639a3d94028e4a9212aaffd4f17f43313c1056dcc0f1da9a56edd90f8e93d03aad2497063e80701af5759e97fccfd6
-
SSDEEP
384:m3Mg/bqo2CGVdKXqpVOjuwzUbJlr91CQJc3zDeN:Uqo2RnKXqpIjKtlr9AXeN
Behavioral task
behavioral1
Sample
2023-05-12_bffd46a9c588683c66b6f4c0dba865c7_destroyer_wannacry.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-05-12_bffd46a9c588683c66b6f4c0dba865c7_destroyer_wannacry.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
2023-05-12_bffd46a9c588683c66b6f4c0dba865c7_destroyer_wannacry
-
Size
22KB
-
MD5
bffd46a9c588683c66b6f4c0dba865c7
-
SHA1
ac4eb4cdc14f374935a8cd72976da47bd941dbb1
-
SHA256
0b716abe15b17a114c2f12fab954c861f82165bb0868f863cfb8dc634f76be7f
-
SHA512
bf2bdd9dc55d548e4b0c0e381095a405e4639a3d94028e4a9212aaffd4f17f43313c1056dcc0f1da9a56edd90f8e93d03aad2497063e80701af5759e97fccfd6
-
SSDEEP
384:m3Mg/bqo2CGVdKXqpVOjuwzUbJlr91CQJc3zDeN:Uqo2RnKXqpIjKtlr9AXeN
Score10/10-
Chaos Ransomware
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-