General
-
Target
5cdfaad20cdf58exeexeexeex.exe
-
Size
334KB
-
Sample
230706-qyx91sch6v
-
MD5
5cdfaad20cdf5895477b8dd451a38b76
-
SHA1
f59d1bc399d988d5d5169e7df09b8e57589c1127
-
SHA256
1fbfc0b007a6e3e6d21635f4fc6862f73193a94eb54ca6561eb8de30ede2b155
-
SHA512
78229d6cd0432671aa91a770a95b97691376d1283a6ad4be59cb01eb439e987eb87f341405fe54889f6e2957fe874c6940d53ade0dcaf0be7698a634b86828d1
-
SSDEEP
6144:lv3XLrZ99999999999999X99999999999999X99999999999999X99999999999j:NnLrZ99999999999999X99999999999D
Static task
static1
Behavioral task
behavioral1
Sample
5cdfaad20cdf58exeexeexeex.exe
Resource
win7-20230705-en
Behavioral task
behavioral2
Sample
5cdfaad20cdf58exeexeexeex.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
5cdfaad20cdf58exeexeexeex.exe
-
Score
10/10
-
Modifies visibility of file extensions in Explorer
-
Blocklisted process makes network request
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-