Behavioral task: behavioral1
Sample: 082a2ce2dde8b3a50f2d49949.exe
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: 082a2ce2dde8b3a50f2d49949.exe
Resource: win10v2004-20230703-en
General
Target: 082a2ce2dde8b3a50f2d49949.exe
Size: 34KB
MD5: 578961ae2ca365d4c4043aacb332b2ab
SHA1: 1f4a4edc5042b52e044cf3113ac41fd010bc45ef
SHA256: 082a2ce2dde8b3a50f2d499496879e85562ee949cb151c8052eaaa713cddd0f8
SHA512: 5ce6c2838f34e77dec1814501d4e85a85e5c16ee21ac80af84f4d346ee1ea2044784a6f2fed5a95298721befd74620a8285f2c1de1f42e800513032f18f0df33
SSDEEP: 768:W4HLd8VdhfqV1Esg8kdJCzSIZHkKRV6kNDGt6m474va8I:WQ8ViV1U8ZGURVFGi9
Malware Config
Signatures
-
MAKOP ransomware payload 1 IoCs
resource yara_rule sample family_makop -
Makop family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 082a2ce2dde8b3a50f2d49949.exe
Files
-
082a2ce2dde8b3a50f2d49949.exe.exe windows x86
b2a2e59916055b004c7a8f339a45d95f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum
kernel32
FindFirstFileW
DeviceIoControl
GetDriveTypeW
WaitForMultipleObjects
SetErrorMode
FindNextFileW
Sleep
WriteFile
ReadFile
FlushFileBuffers
GetFileSizeEx
MoveFileW
SetFileAttributesW
SetEndOfFile
SetFilePointerEx
GetProcessHeap
GetVersion
FindClose
GetCurrentProcess
HeapFree
GetProcAddress
LoadLibraryA
OpenProcess
GetFileType
GetModuleHandleA
DuplicateHandle
GetCurrentProcessId
ExitProcess
GetLastError
GetCommandLineW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetEnvironmentVariableW
GetModuleFileNameW
PeekNamedPipe
CreateProcessW
Process32FirstW
GetSystemWindowsDirectoryW
SetHandleInformation
CreateDirectoryW
CreateFileW
GetFileAttributesW
GetLogicalDrives
CreateThread
WaitForSingleObject
GetVolumeInformationW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
HeapAlloc
CreatePipe
user32
wsprintfW
wsprintfA
GetShellWindow
GetWindowThreadProcessId
advapi32
CryptSetKeyParam
CryptAcquireContextW
CryptDecrypt
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
GetTokenInformation
SetTokenInformation
OpenProcessToken
RegCloseKey
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyExA
CryptEncrypt
CryptImportKey
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
ord680
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE