Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2024-03-08...ia.exe

windows7-x64

10

2024-03-08...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-03-08_e6b5e13d8aae2cf5e791fbe60ec677ae_mafia

  • Size

    316KB

  • Sample

    240308-ykppqaeg39

  • MD5

    e6b5e13d8aae2cf5e791fbe60ec677ae

  • SHA1

    2a9ef68c1132c5ad74f4ce93aab9d0c1835ae633

  • SHA256

    c403f7e974c51db645573422f4e2af7ba6337bd7eeab7ad6ebc8e7c22806a799

  • SHA512

    0a74bcd58599479c03c7f5d919ba52b8b85011ee42add3129e0c8b2b3913f97a03bb509939055e42d3ecc897918ab5270e7a23f86ff38b835de7f96ead28e87f

  • SSDEEP

    6144:JvE8NMO1UnseVgkV0xwvfxnhLTiusLe1740P:ayM0Unsna5mut40P

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      2024-03-08_e6b5e13d8aae2cf5e791fbe60ec677ae_mafia

    • Size

      316KB

    • MD5

      e6b5e13d8aae2cf5e791fbe60ec677ae

    • SHA1

      2a9ef68c1132c5ad74f4ce93aab9d0c1835ae633

    • SHA256

      c403f7e974c51db645573422f4e2af7ba6337bd7eeab7ad6ebc8e7c22806a799

    • SHA512

      0a74bcd58599479c03c7f5d919ba52b8b85011ee42add3129e0c8b2b3913f97a03bb509939055e42d3ecc897918ab5270e7a23f86ff38b835de7f96ead28e87f

    • SSDEEP

      6144:JvE8NMO1UnseVgkV0xwvfxnhLTiusLe1740P:ayM0Unsna5mut40P

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks