556fd6a1478c7ef931b891b6bf66a56b58f0aacc2af20b95084b638d7382b063 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Screenshot...PM.png

windows7-x64

Screenshot...PM.png

macos-10.15-amd64

4

Sharing

General

Target

Screenshot 2024-07-13 8.23.12 PM.png
Size

27KB
Sample

240714-ed7r6svhnl
MD5

0f21015a4e03df1d0512369a4a476a6c
SHA1

52509e4698ef7656978e34876c0b5a567e1e0c20
SHA256

556fd6a1478c7ef931b891b6bf66a56b58f0aacc2af20b95084b638d7382b063
SHA512

12db1e3a0645f07282c6c0e940dbb65230a40d2fdbd0f96cbcd5ac40bb0758e101c83737d60c17382a188856b2760f9448492a196ee578bc72e84eace0d302c6
SSDEEP

768:rtbyeZym3QSpdMz3e3itsXwwpUcCNBD+OfZNU5DZi:5wuQSjMDe3AXz/Dnc5DZi

Score

10^/10

evasion macos persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Screenshot 2024-07-13 8.23.12 PM.png

Resource

win7-20240708-en

evasion persistence ransomware

windows7-x64

25 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Screenshot 2024-07-13 8.23.12 PM.png

Resource

macos-20240711.1-en

macos-10.15-amd64

1 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Screenshot 2024-07-13 8.23.12 PM.png
- Size
  
  27KB
- MD5
  
  0f21015a4e03df1d0512369a4a476a6c
- SHA1
  
  52509e4698ef7656978e34876c0b5a567e1e0c20
- SHA256
  
  556fd6a1478c7ef931b891b6bf66a56b58f0aacc2af20b95084b638d7382b063
- SHA512
  
  12db1e3a0645f07282c6c0e940dbb65230a40d2fdbd0f96cbcd5ac40bb0758e101c83737d60c17382a188856b2760f9448492a196ee578bc72e84eace0d302c6
- SSDEEP
  
  768:rtbyeZym3QSpdMz3e3itsXwwpUcCNBD+OfZNU5DZi:5wuQSjMDe3AXz/Dnc5DZi
Score

10^/10

evasion persistence ransomware
- Modifies visibility of file extensions in Explorer
  evasion
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Resource Forking

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

© 2018-2025

Terms | Privacy