General

  • Target

    NEAS.2023-09-05_036b5cf132e734762af8fbf07faf094a_ryuk_JC.exe

  • Size

    21.6MB

  • Sample

    231023-xrk5faeh47

  • MD5

    036b5cf132e734762af8fbf07faf094a

  • SHA1

    d71e385c7a3e808acfcf63f71291ba74c435b306

  • SHA256

    e301f19720af26914bd818e738f68ce7d1fa7ccdcd1cbe97b867e2bbf7fbe97e

  • SHA512

    bd4f1113e9f161edc2aed4c9816779b367bdb68e637178e37a3d26d7e17991b8872020e232c21dbe83485d3f19c19312a5c8a598dd07941834fc91169db04723

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMW:9nwngnwnBR/

Score
10/10

Malware Config

Targets

    • Target

      NEAS.2023-09-05_036b5cf132e734762af8fbf07faf094a_ryuk_JC.exe

    Score
    10/10

    • Modifies WinLogon for persistence

    • Renames multiple (224) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Renames multiple (93) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks