Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
hel.txt
-
Size
244B
-
Sample
240813-kb8vcatbnc
-
MD5
da0f814f2dc31ac1076cdd89a44e8d92
-
SHA1
5ab7fb0c68a2cdfd5c8571c168e260982daae757
-
SHA256
905bb2585fdd9626b300e917ec0e4f89dd5fbea6381684efe5008551c5cc5902
-
SHA512
782a6a4744f20c13768c91bf429e7245b43f40e5c14d22077207a6ca9d30330a1b333b2baeb8a08613c9b0f031ee338aff1befdae2081dd17c166e8679a49403
Static task
static1
Behavioral task
behavioral1
Sample
hel.txt
Resource
win7-20240708-ja
Malware Config
Extracted
C:\Users\Admin\Desktop\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
hel.txt
-
Size
244B
-
MD5
da0f814f2dc31ac1076cdd89a44e8d92
-
SHA1
5ab7fb0c68a2cdfd5c8571c168e260982daae757
-
SHA256
905bb2585fdd9626b300e917ec0e4f89dd5fbea6381684efe5008551c5cc5902
-
SHA512
782a6a4744f20c13768c91bf429e7245b43f40e5c14d22077207a6ca9d30330a1b333b2baeb8a08613c9b0f031ee338aff1befdae2081dd17c166e8679a49403
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
3