General

  • Target

    2023-08-26_20a25829cbdbfebe400aaf23afae6bb8_ryuk_JC.exe

  • Size

    7.8MB

  • Sample

    231012-ccwbmshb8y

  • MD5

    20a25829cbdbfebe400aaf23afae6bb8

  • SHA1

    652362c813b9433d0bf9b032d7af074ed2a2a9a3

  • SHA256

    38697b0beb28935a979b3569793cf8c8393e466935ef1f35c4c7f3eee8b00bda

  • SHA512

    1d3f1ff37de29a50d78b2289980dfc0b5a4407971af9edeee325fc0cf68f568b1d83e4ea1a6179177bfdb5e0797bf861c5ef956ddea6ac012fb4df4553469685

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzM4:9nwn3

Score
10/10

Targets

    • Target

      2023-08-26_20a25829cbdbfebe400aaf23afae6bb8_ryuk_JC.exe

    Score
    10/10
    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
