Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2024-02-23...ia.exe

windows7-x64

10

2024-02-23...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-02-23_73dd267765c025163615faa216189d4f_karagany_mafia

  • Size

    308KB

  • Sample

    240223-fe1kxsbg52

  • MD5

    73dd267765c025163615faa216189d4f

  • SHA1

    506cf88c2a3d03cc7c9c87770bf80660ae994ef6

  • SHA256

    356fb936abf54524d766199857e2dd128a5185303703beeb52c3ff7b7fa16aa1

  • SHA512

    ba797ad44151b69d828acb48b9846d09a9418ae6b5557fde54bfa701c9a8d9423e928893d2ab44f7fdc57b18e5f7f245b848c80efd7fdc21c2401b5aa85b06ac

  • SSDEEP

    6144:wzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:WDHNam62ZdKmZmuPH

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      2024-02-23_73dd267765c025163615faa216189d4f_karagany_mafia

    • Size

      308KB

    • MD5

      73dd267765c025163615faa216189d4f

    • SHA1

      506cf88c2a3d03cc7c9c87770bf80660ae994ef6

    • SHA256

      356fb936abf54524d766199857e2dd128a5185303703beeb52c3ff7b7fa16aa1

    • SHA512

      ba797ad44151b69d828acb48b9846d09a9418ae6b5557fde54bfa701c9a8d9423e928893d2ab44f7fdc57b18e5f7f245b848c80efd7fdc21c2401b5aa85b06ac

    • SSDEEP

      6144:wzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:WDHNam62ZdKmZmuPH

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks