Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
96f11bc9f9e0ab89f050350dceadd938be0523a78f727f15553a52048f859225.exe.compressed
-
Size
99KB
-
Sample
240129-acjxhafahj
-
MD5
64d1d526ffed3c277c3fc4eb84fab4b0
-
SHA1
ff64f5dfd0da1b9151597f7583ea4c220f207f8c
-
SHA256
37fc9862afe543d0822e0df7ff59715dc70ff6a6d66f2a8ee12841cd21e67834
-
SHA512
97dc12c55fcf7a9bc54a07e3bf75591b6694252f206ef73c0bd0fdfd32cd84e5f704446da4d8f27931d4a71b67ad6a3dfc6888820af27dcf90183c9bb4b5afab
-
SSDEEP
1536:5Ij4aC6XEL1h8vJPW80Z/mS0ZTEk2PNzBTvLFKb1sWDYwN1UA6hA37n:o7a1iQMTEk2PNzOsnwd6hA
Malware Config
Targets
-
-
Target
96f11bc9f9e0ab89f050350dceadd938be0523a78f727f15553a52048f859225.exe.compressed
-
Size
99KB
-
MD5
64d1d526ffed3c277c3fc4eb84fab4b0
-
SHA1
ff64f5dfd0da1b9151597f7583ea4c220f207f8c
-
SHA256
37fc9862afe543d0822e0df7ff59715dc70ff6a6d66f2a8ee12841cd21e67834
-
SHA512
97dc12c55fcf7a9bc54a07e3bf75591b6694252f206ef73c0bd0fdfd32cd84e5f704446da4d8f27931d4a71b67ad6a3dfc6888820af27dcf90183c9bb4b5afab
-
SSDEEP
1536:5Ij4aC6XEL1h8vJPW80Z/mS0ZTEk2PNzBTvLFKb1sWDYwN1UA6hA37n:o7a1iQMTEk2PNzOsnwd6hA
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Detects executables referencing many IR and analysis tools
-
Renames multiple (283) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies boot configuration data using bcdedit
-
Sets desktop wallpaper using registry
-