General

  • Target

    NEAS.2023-09-05_2356fb2385810d3d38ab438830843003_ryuk_JC.exe

  • Size

    20.8MB

  • Sample

    231031-1bxp3sgb45

  • MD5

    2356fb2385810d3d38ab438830843003

  • SHA1

    1f94cbdcea8d883d618a14af3fb9e822767b9427

  • SHA256

    25bcc469bb6cfbfa8ac29620ed013c37a5ab0ee6278faecf83d553a21af32cb5

  • SHA512

    1ab6313d8a2151c74da07dedc255e5cc7f1f117fc61f7f969451f63c54b01e1bef00d521d374df269cbe91ac5d879efc64f3343dfe9ac9b0206c127e0138442d

  • SSDEEP

    98304:9E2RpMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMMzMc:9nwngnwnBRt

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (108) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending a new extension to each.

    • Renames multiple (93) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending a new extension to each.

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks