General
- Target: VirusShare_2159f467a156a355c527f8816dc99375
- Size: 350KB
- Sample: 240610-mtx7nsgg53
- MD5: 2159f467a156a355c527f8816dc99375
- SHA1: 41dd19f62208901d4dd454d084382dc408fc0bf1
- SHA256: 2de0e8bfc87c75268fc4dd06971cfa4eaa6ef0703a92b07e8a3d1d78473e2758
- SHA512: 14eb7a5bae2f09b7a11682689677d4ad61b83a81c0bb64d880d97cd858147ad5362038b3ccf67a7e3958aa06105e71f81b6cab01b01f5edf527efeabaf468874
- SSDEEP: 6144:zqjAgHiAy4sYQwxmE8r3M9NQbkN4PYITd/FP1i2/ph80vVy98G2fms7L:zXopy41mEaM9+b3PFNFlhTy98G2eqL
Static task
- static1
Behavioral task
- behavioral1
  - Sample: VirusShare_2159f467a156a355c527f8816dc99375.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: VirusShare_2159f467a156a355c527f8816dc99375.exe
  - Resource: win10v2004-20240426-en
Malware Config
Extracted from C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\-!RecOveR!-sxduh++.Txt
- http://k47d3.proporr.com/DCC74656A122B45C
- http://wor4d.slewirk.at/DCC74656A122B45C
- http://kbv5s.kylepasse.at/DCC74656A122B45C
- http://yyhn7fpvq44cqcu3.onion/DCC74656A122B45C
Extracted from C:\Program Files\Common Files\DESIGNER\-!RecOveR!-wxdkm++.Txt
- http://k47d3.proporr.com/225A1510AD1888A7
- http://wor4d.slewirk.at/225A1510AD1888A7
- http://kbv5s.kylepasse.at/225A1510AD1888A7
- http://yyhn7fpvq44cqcu3.onion/225A1510AD1888A7
Signatures
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application