General

  • Target

    2023-08-22_d36fe560cdfefeba4580a307db8cb2d3_ryuk_JC.exe

  • Size

    3.4MB

  • Sample

    230903-qfsa2sae26

  • MD5

    d36fe560cdfefeba4580a307db8cb2d3

  • SHA1

    9e43c59d95e988ef2ac013d36218b4ecb856d04b

  • SHA256

    be352678b42b5e5d84b7f960331f7c874ebedd00689145f14d2f5e7ce79d0924

  • SHA512

    34f283ea0f915dd53a1ee623a448d5a717303e3d8d49ba6d3f503dd8c6437a11d0dd5f01ca616c9782b15f8cc6049773ab151c2373191e2d62ce12431978b389

  • SSDEEP

    24576:eEtl9mRda12sX7hKB8NIyXbacAfZNRdpkhtIShJVVTyJNPty:9Es1RMB8NIMIxDCjVys

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks