Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

5de4db7670...f5.exe

windows7-x64

5de4db7670...f5.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5de4db7670dd11f2f3e1873fe5a87349c2676739912fd92b671fa1432d4461f5

  • Size

    50KB

  • Sample

    240309-2hfwksdc2z

  • MD5

    381da20afb7a5cfd4c7574faea82da3a

  • SHA1

    34458e430b147540a508474e6531016540bb4bf0

  • SHA256

    5de4db7670dd11f2f3e1873fe5a87349c2676739912fd92b671fa1432d4461f5

  • SHA512

    974258bb044869ceb6cc90062f1d10e8586a945cc87b106971d98686d50d43e95f41781be81e06161acd1c9d3fdac8229b02157311d13c0e8839411d3bf97451

  • SSDEEP

    768:LZ+Zxe90i19C92eocaWTmNtY6coZOu5dGcTYKBZUkhkPZoMi/M6rm0ZO:LaiZ19C92eocaWTKtNJZOu5EFgZHQ816

Score
9/10
evasionpersistenceransomware

Malware Config

Targets

    • Target

      5de4db7670dd11f2f3e1873fe5a87349c2676739912fd92b671fa1432d4461f5

    • Size

      50KB

    • MD5

      381da20afb7a5cfd4c7574faea82da3a

    • SHA1

      34458e430b147540a508474e6531016540bb4bf0

    • SHA256

      5de4db7670dd11f2f3e1873fe5a87349c2676739912fd92b671fa1432d4461f5

    • SHA512

      974258bb044869ceb6cc90062f1d10e8586a945cc87b106971d98686d50d43e95f41781be81e06161acd1c9d3fdac8229b02157311d13c0e8839411d3bf97451

    • SSDEEP

      768:LZ+Zxe90i19C92eocaWTmNtY6coZOu5dGcTYKBZUkhkPZoMi/M6rm0ZO:LaiZ19C92eocaWTKtNJZOu5EFgZHQ816

    Score
    9/10
    evasionpersistenceransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks