General

  • Target

    2024-05-12_0fb4787dcc4bcb1f6f78a70e792fbc86_wannacry

  • Size

    100KB

  • Sample

    240512-d12zrsec8v

  • MD5

    0fb4787dcc4bcb1f6f78a70e792fbc86

  • SHA1

    e89c85f8495282ff03e91acab0ce8ebcba8d3299

  • SHA256

    d9773300b2b43d9c2091b02744e472df1fb1e0ab920d0f71eea30647fd2a819b

  • SHA512

    d530433119c8ee0117280cbdd9e88d374351ceb887f7e4b0e1481a3c08d27930075f3ca1c87d8b3f43da46adcbcc8a3d8ed3741456a6669b62414a670b58dbd2

  • SSDEEP

    3072:ioVUMbr91bmrmNi0XJdsh55gvms+sUnFhKoAvog:nr91Tf5aQv1+YP

Targets

    • Target

      2024-05-12_0fb4787dcc4bcb1f6f78a70e792fbc86_wannacry

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Detects command variations typically used by ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
