General
Target: 88e21ba6949207exeexeexeex.exe
Size: 256KB
Sample: 230709-jad3xabb46
MD5: 88e21ba69492076afa3e8cd9468e80e3
SHA1: c2d062787d1b3d73fb3f40ba142f87337fd396f6
SHA256: 05dc2fd7500895b3b606ce163166b124c54660511a8fc0374d67f03ea33da845
SHA512: 0d878a01e1af7711296ec03ee7f1a25178d90e6ce1a1c44ae5521df1447e1834aabc514bde98901964d9dc1bcf33473c0dfbbb34c520896508c66f669e3a1d6c
SSDEEP: 6144:B9B3zAM/Wo+AG8kyj8piqHSCB2Tdcbk85hZJxvjx97Yz5pZIjuZPWY00/DhyBYN:BT3lWok8kyj8piqHSCB2Tdcbk85hZJx6
Static task: static1
Behavioral task: behavioral1
  Sample: 88e21ba6949207exeexeexeex.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: 88e21ba6949207exeexeexeex.exe
  Resource: win10v2004-20230703-en
Malware Config
Targets
Target: 88e21ba6949207exeexeexeex.exe
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory