General
-
Target
2024-05-22_731178dd28d3b8ee829fb6ac4d3c065a_wannacry
-
Size
323KB
-
Sample
240522-ltgz1sba59
-
MD5
731178dd28d3b8ee829fb6ac4d3c065a
-
SHA1
11c4a6be0a123812b916d4a8eba96857f311d906
-
SHA256
c9bd1abfb6e520d973284f2fbebaf14cd1cf5db7c2e2956e9d4a9b0564547b81
-
SHA512
9d2b61b08b9d1b8503ae647d27d5cf4604dfc81ff2c923933ea3bae473d8a3a4bdfe7032486baf1dfe5a28c51bc1f57a79f07ac289e045087dd9ebbbc870c024
-
SSDEEP
3072:ooy4lr9N4L/mQZt2FWtMB6w31viSYrwCa2CybjDjBJRrrS0n4+3GK2vVort6jbQG:fr9N4LS6MBrYH3vxshzmZ6jO7SV2
Behavioral task
behavioral1
Sample
2024-05-22_731178dd28d3b8ee829fb6ac4d3c065a_wannacry.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-05-22_731178dd28d3b8ee829fb6ac4d3c065a_wannacry.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
2024-05-22_731178dd28d3b8ee829fb6ac4d3c065a_wannacry
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-