Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
-
Size
3.4MB
-
Sample
230903-qfsa2sae26
-
MD5
d36fe560cdfefeba4580a307db8cb2d3
-
SHA1
9e43c59d95e988ef2ac013d36218b4ecb856d04b
-
SHA256
be352678b42b5e5d84b7f960331f7c874ebedd00689145f14d2f5e7ce79d0924
-
SHA512
34f283ea0f915dd53a1ee623a448d5a717303e3d8d49ba6d3f503dd8c6437a11d0dd5f01ca616c9782b15f8cc6049773ab151c2373191e2d62ce12431978b389
-
SSDEEP
24576:eEtl9mRda12sX7hKB8NIyXbacAfZNRdpkhtIShJVVTyJNPty:9Es1RMB8NIMIxDCjVys
Static task
static1
Behavioral task
behavioral1
Sample
2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
Resource
win10v2004-20230831-en
Malware Config
Targets
-
-
Target
2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe
-
Size
3.4MB
-
MD5
d36fe560cdfefeba4580a307db8cb2d3
-
SHA1
9e43c59d95e988ef2ac013d36218b4ecb856d04b
-
SHA256
be352678b42b5e5d84b7f960331f7c874ebedd00689145f14d2f5e7ce79d0924
-
SHA512
34f283ea0f915dd53a1ee623a448d5a717303e3d8d49ba6d3f503dd8c6437a11d0dd5f01ca616c9782b15f8cc6049773ab151c2373191e2d62ce12431978b389
-
SSDEEP
24576:eEtl9mRda12sX7hKB8NIyXbacAfZNRdpkhtIShJVVTyJNPty:9Es1RMB8NIMIxDCjVys
Score10/10-
Modifies WinLogon for persistence
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-