General

  • Target

    2024-05-28_3d92a5ba0510fa666565200a3d7f8c4f_destroyer_wannacry

  • Size

    37KB

  • Sample

    240528-3dxtzagf8z

  • MD5

    3d92a5ba0510fa666565200a3d7f8c4f

  • SHA1

    a1003312ef89abe43028f4c466e3017a461fe7eb

  • SHA256

    a73988ddd7012dbea460e6afe763dfc87fa788784301db187b6bc832a1b90b3e

  • SHA512

    b79b58048f019bcfee19c36d3368deba30d8088f22b107bd69f107e8647fc6db1a7174cfdb4c6cd4f16c2dee1a0c879ba8b7b675dfcd97afbb38276c17053787

  • SSDEEP

    768:3qo2ZK/hpktD8Hr92rda445lTtG/lpuBYXf3oZQEqj3mIgTeM:6o2Ze8D8Hr96da445xYlwBYgqEq7mqM

Targets

    • Target

      2024-05-28_3d92a5ba0510fa666565200a3d7f8c4f_destroyer_wannacry

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Detects command variations typically used by ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
