General
Target: 1562590baaeb5bcf11af33b2f2e258e934fc4ded14cfbd921990a68e2c8a15bc.exe
Size: 26KB
Sample: 240128-14qggacfhj
MD5: 31a1acedf526005f97bed6f470c757db
SHA1: f85d9b7747e0f3e1df8f4bae0f9f3b149a54af9e
SHA256: 8df39ec3aac60f56323ff08aef4e0d4cc09d4bc04d6794468a007443c3f9af5f
SHA512: d367787a0fe756a0ecb63a77308aebda7a3c89c1eaa30557913278cb1e46ab7f2c1abf27b59191ec36c4542a222535652d5155715bbf30e071e6c91d6c1b5a2f
SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91QVb5hxDG5q:5OElB6sc9GVbXxDb
Behavioral task: behavioral1
Sample: 1562590baaeb5bcf11af33b2f2e258e934fc4ded14cfbd921990a68e2c8a15bc.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1562590baaeb5bcf11af33b2f2e258e934fc4ded14cfbd921990a68e2c8a15bc.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
chaos
Targets
Target: 1562590baaeb5bcf11af33b2f2e258e934fc4ded14cfbd921990a68e2c8a15bc.exe
Score: 10/10

Chaos Ransomware

Detects command variations typically used by ransomware

Renames multiple (173) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Drops desktop.ini file(s)