General
-
Target
2024-06-16_02802d6a4fbf32c8cd28b0e5fe1e730a_ryuk
-
Size
4.2MB
-
Sample
240616-r41srs1erj
-
MD5
02802d6a4fbf32c8cd28b0e5fe1e730a
-
SHA1
195a0cc628e68677ff93a778ffdd9625a89b018e
-
SHA256
fbf84dfe51fa1666a9eb9cb7373bc72e6fe954e19816136952dc273650c1aa04
-
SHA512
cada611af431f59902ef92447c16ceaff30235868209ef7238184f41f515f2285e808edcf3ce3366e9ea3f52724234c29da23504d22fc206e223392122e194f4
-
SSDEEP
49152:lHlAUXb9MOlBWD9rqGLi0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAGGU2:b2D8KiFIIm3Gob5iEuCv
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-16_02802d6a4fbf32c8cd28b0e5fe1e730a_ryuk.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
Score
10/10
-
Renames multiple (8872) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-