General
Target: 1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.zip
Size: 395KB
Sample: 240415-hzw5cahc99
MD5: 6a8760c3dcdc871834f0c8f2d3b3b6ae
SHA1: d80be7a264d4c972ca4b1eeafa96c8356143ec62
SHA256: dd2b75cb2df230a562fb1d1cac43a847b63bf6658ac7fe36de316fbd2bc5610a
SHA512: 55014e365c3e1d1cc5ca49d69c8268b7bac2e328dd2d8e055367a3b523d3a87cef7ead5e3ba22661f5fad118317adb9149441d5779fd1b2d99e15334c6f24d0f
SSDEEP: 6144:2rfXp6yVdyYcH2t4qAdfGWkyPr6B7e5y72pe0Awa8yyVz9IrU4F5lDU0mddT46XD:a6y76RfGrPi5Q2Hy0RIrUaX4zf2MP
Static task: static1

Behavioral task: behavioral1
  Sample: 1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample: 1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: C:\Users\Admin\Contacts\Readme.txt
Targets
Target: 1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda
Size: 767KB
MD5: ae2f422a1ca6558ca6dd723c1b351b7a
SHA1: eeec0b0012f1b6c41a70f6f13d2ec01e0b3ef6ad
SHA256: 1d854192e5aac93a950c60e013a8f08283ad81f841dd90da9326198f37c8adda
SHA512: 30a0ea93646669e6b2aac357e36c558da8fbd166435cc05d33daf80e01d12c4dfa903e6532ff0e58c47faee12c63998aa2313bb2e73650878f3d050654c751c3
SSDEEP: 12288:WMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Ks:WnsJ39LyjbJkQFMhmC+6GD9R
Score: 10/10

Signatures
- Modifies boot configuration data using bcdedit
- Renames multiple (456) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Sets desktop wallpaper using registry