Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

3372c1edab...70.exe

windows10-2004-x64

9

51B4EF5DC9...67.exe

windows10-2004-x64

1

E906FA3D51...56.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ransomware.TeslaCrypt.zip

  • Size

    479KB

  • Sample

    240510-prct3aee81

  • MD5

    f755a44bbb97e9ba70bf38f1bdc67722

  • SHA1

    f70331eb64fd893047f263623ffb1e74e6fe4187

  • SHA256

    3b246faa7e4b2a8550aa619f4da893db83721aacf62b46e5863644a5249aa87e

  • SHA512

    f8ce666ae273e6c5cd57447189a8cf0e53c7704cf269fa120068f21e6faf6c89e2e75f37aee43cac83f4534790c5c6f1827621684034ef3eb7e94d7ee1ac365e

  • SSDEEP

    6144:xQAq0svy/pQhk1NBePvxGNWeOyqYAGfr/H/h60BHtzbprAvNGTG/fi5QCIq3h11Z:LyKoUlWeOP8HXrINZ/2uJUgVu

Score
9/10
persistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370

    • Size

      284KB

    • MD5

      209a288c68207d57e0ce6e60ebf60729

    • SHA1

      e654d39cd13414b5151e8cf0d8f5b166dddd45cb

    • SHA256

      3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370

    • SHA512

      ce4a7e42738154183fc53702f0841dfd4ad1eb0567b13cc1ff0909f1d330e9cd2fb994375efc6f02e7eddaaae1f465ff93458412143266afdaff1c6bf6477fc3

    • SSDEEP

      3072:rYXT8PUsMNL8V4tD2My/JAAbQoM29wlV58lbNnolY7VgsYiVTPtiTu/q:rowUsML8g2j0o9wb0bNoaKsYImui

    Score
    9/10
    persistenceransomwarespywarestealer

    • Renames multiple (3752) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

    • Target

      51B4EF5DC9D26B7A26E214CEE90598631E2EAA67

    • Size

      257KB

    • MD5

      6e080aa085293bb9fbdcc9015337d309

    • SHA1

      51b4ef5dc9d26b7a26e214cee90598631e2eaa67

    • SHA256

      9b462800f1bef019d7ec00098682d3ea7fc60e6721555f616399228e4e3ad122

    • SHA512

      4e173fb5287c7ea8ff116099ec1a0599b37f743f8b798368319b5960af38e742124223dfd209457665b701e9efc6e76071fa2513322b232ac50ddad21fcebe77

    • SSDEEP

      6144:xy+als+0nIycigV5cbEo6dZbBODPIsjQ/UFsYW:xy+aCFnIycigVSbObBODTMUd

    Score
    1/10
    behavioral2

    • Target

      E906FA3D51E86A61741B3499145A114E9BFB7C56

    • Size

      261KB

    • MD5

      6d3d62a4cff19b4f2cc7ce9027c33be8

    • SHA1

      e906fa3d51e86a61741b3499145a114e9bfb7c56

    • SHA256

      afaba2400552c7032a5c4c6e6151df374d0e98dc67204066281e30e6699dbd18

    • SHA512

      973643639cb02491b86d5b264ee8118a67d8a83453307aea95de2f4c6aa55819d37730c41dc3338116ebe86f9a4f2bba7d9537ea744ae08b9755f05c15153fad

    • SSDEEP

      6144:93g0BQG+aZiycigV5bbEo6dZbBODPIsjQ/UFsYWo:93g0OGjZiycigVRbObBODTMUdj

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks