General
Target: 127974ae306f0e0434bc6bcdff0b141907fbe11447eb60748dbd43ae87c43c06.exe.compressed
Size: 99KB
Sample: 240128-12xsrsbbc5
MD5: fc0cd8c09e1bf0954c69148ce27d6763
SHA1: b1876fdbde6da1f79c9dae609a05ac5abb46b3f5
SHA256: 8dde13bc5834ca881bbe14707b2ce81b776783150c4a7a8e49b772fb6d610b83
SHA512: 4141cf923e1c492fd9fe7219b0ca99fd1dcecc81621c6d2781037cf1fc8e58d5e13434932110f3dd2f23a245cb8e42d53ba3bb3401c72c6ab82a40497989cb43
SSDEEP: 3072:/oiJSuICoVLop3pYTGGcBtkowoxxnNycSi7LTl:tguYq2GGEkowCFpZfT
Behavioral task: behavioral1
Sample: 127974ae306f0e0434bc6bcdff0b141907fbe11447eb60748dbd43ae87c43c06.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 127974ae306f0e0434bc6bcdff0b141907fbe11447eb60748dbd43ae87c43c06.exe
Resource: win10v2004-20231215-en
Malware Config
Score: 9/10

Signatures:
- Detects command variations typically used by ransomware
- Detects executables containing many references to VEEAM. Observed in ransomware
- Detects executables referencing many IR and analysis tools
- Renames multiple (308) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Sets desktop wallpaper using registry