Resubmissions

14/05/2023, 22:37

230514-2j6tdsgb3z 10

13/05/2023, 03:01

230513-dh66rshe6x 10

General

  • Target

    2023-05-12_bffd46a9c588683c66b6f4c0dba865c7_destroyer_wannacry

  • Size

    22KB

  • Sample

    230513-dh66rshe6x

  • MD5

    bffd46a9c588683c66b6f4c0dba865c7

  • SHA1

    ac4eb4cdc14f374935a8cd72976da47bd941dbb1

  • SHA256

    0b716abe15b17a114c2f12fab954c861f82165bb0868f863cfb8dc634f76be7f

  • SHA512

    bf2bdd9dc55d548e4b0c0e381095a405e4639a3d94028e4a9212aaffd4f17f43313c1056dcc0f1da9a56edd90f8e93d03aad2497063e80701af5759e97fccfd6

  • SSDEEP

    384:m3Mg/bqo2CGVdKXqpVOjuwzUbJlr91CQJc3zDeN:Uqo2RnKXqpIjKtlr9AXeN

Targets

    • Target

      2023-05-12_bffd46a9c588683c66b6f4c0dba865c7_destroyer_wannacry

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)
