General
-
Target
eccee0c443e604d87fb981061e36960533924bc4b137ef8559b52b99f806b5e0.exe
-
Size
26KB
-
Sample
240128-vd7eeaeae6
-
MD5
e632ab5ad65cdb390fb2150fb501107b
-
SHA1
737824ea4d766063620946741fd478597f3f811a
-
SHA256
003a9f5a1004ad3ef786b2411e0006b253f3e9aa480d693f8e748a473782ee9d
-
SHA512
97d8a78fbe9b6ccc6e300be22553670a31184cb39365b0c5cb23912d8c0ba551314a8cc21b55cfb0597043c3fcb9032bc58ad1540eb2075a8b9fa3368d5ef68e
-
SSDEEP
384:vYenjLLAps4T5lBavzb/xlhKOVp91Qob5hxDGk:mOElB6sc9GobXxD/
Behavioral task
behavioral1
Sample
eccee0c443e604d87fb981061e36960533924bc4b137ef8559b52b99f806b5e0.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
eccee0c443e604d87fb981061e36960533924bc4b137ef8559b52b99f806b5e0.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
chaos
Targets
-
Target
eccee0c443e604d87fb981061e36960533924bc4b137ef8559b52b99f806b5e0.exe
-
Score
10/10
-
Chaos Ransomware
-
Detects command variations typically used by ransomware
-
Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-