General
Target: SevenRedCodeDotnet.exe
Size: 28KB
Sample: 240501-gl82babf59
MD5: 3b1ce9c2afe664f11ddfacceeca0875a
SHA1: 166c88a4ccd007c5b460f77b8b1f5726ac91e22a
SHA256: 5db37b4e53d6aa13481ae8d4d82907dbe652909e84b730c56dc2f7a89846cfda
SHA512: 4f9bb3272e829e3959ad3c3ae459f8fcc36e73f58f5b86e1ce248261e6cbda820688a15dcad81f3e2cfffbdae5606faf730d035219644048b45f30afcb04ca01
SSDEEP: 384:aTTADuwXZAQ+XKlT4AybtvCwrMc+4jvkjvcK5MhsYilRt9VSTxM66YNT/IszFd26:aTTAawS21jybWUnUZS99/gK
Static task: static1
Behavioral task: behavioral1
Sample: SevenRedCodeDotnet.exe
Resource: win10v2004-20240426-en
Behavioral task: behavioral2
Sample: SevenRedCodeDotnet.exe
Resource: win11-20240426-en
Malware Config
Targets
Target: SevenRedCodeDotnet.exe
Score: 9/10

Renames multiple (1009) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Drops file in Drivers directory

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops file in System32 directory