Resubmissions

04/05/2024, 07:58

240504-jt4gxaga2w 4

04/05/2024, 07:17

240504-h4kxwaaa25 9

General

  • Target: Mail.PNG
  • Size: 5KB
  • Sample: 240504-h4kxwaaa25
  • MD5: 0fae52fd6258fc87144ac9304f713cf7
  • SHA1: b3008501420f33a7f8c88be48dfd963710349dd3
  • SHA256: dd3365e6847c78748d87d7c1faa9fe5e1870362bdaced28ed8809ef69cc3a982
  • SHA512: ebc185c5a548780ce4b0f8869b9992c9f46fef32b2076b0aad7f29c6c34bcc2b9c5acf7aad6f6c8652f7a4df801a3b94b4eee9bf0ea24ecdad26c5ff04ce58b3
  • SSDEEP: 96:wGC5StXpyv1pMUp1ZwmN6iEBL7E0lar5/J5jabvmVTa9:PCctXpyNpVzwx7EVZjaCda9

Malware Config

Targets

    • Renames multiple (169) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks