
Resubmissions

  • 13/08/2024, 15:25  240813-st24hs1emh  score 10/10
  • 13/08/2024, 15:05  240813-sf5mgszgnh  score 9/10 (this report)
  • 13/08/2024, 15:01  240813-sedglszfph  score 3/10

General

  • Target

    78999[1]

  • Size

    111KB

  • Sample

    240813-sf5mgszgnh

  • MD5

    00bb206e6e711332d71b1cb740ed77df

  • SHA1

    992bfb30bcf7870a9b20501f4cdc4721a82eb571

  • SHA256

    d12d332a503419991743de6755dde8d860a08ef248bd49b7e67da90273655bf4

  • SHA512

    1acd4e9d7fc7ddf42fc4b3fed7dace79b957bddb99730567def9e88443a6f6db126cc0af1d861a682117eb06ac93a28db6b564a6bd6193b419da517060e757dd

  • SSDEEP

    3072:XywYkVdhEdvYR4NjHQZxxxAMO4Gs4zREx0nZN6EzVtR:C+dhAHNPMO4Gs4zREx0PzN

Score
9/10

Malware Config

Targets

    • Target

      78999[1]

    • Renames multiple (5907) files with added filename extension

      The sample renamed 5907 files, appending an extra extension to each one. Mass renaming that appends a single new extension is characteristic of ransomware encrypting the files on the system.

    • Checks computer location settings

      Reads the country code configured in the registry. This is most likely a geofence check, used to decide whether the sample should run on this machine at all.

    • Executes dropped EXE

    • Loads dropped DLL
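
The two behavioural signatures above (mass rename with an appended extension, and the registry country-code lookup) can be reproduced as detection logic over a sandbox or Sysmon-style event trace. The block below is an added example and is not Triage's own signature code. The event schema (`event`, `old_path`, `new_path`, `key`), the two registry paths treated as location settings, the rename threshold of 50 and the constructed sample trace are all assumptions made for this example; a real trace will use its own field names.

```python
"""Detection logic for two behaviours flagged in the report above.

Added example, not Triage's signature code. The event stream is a
constructed, Sysmon-style list of dicts with assumed field names
('event', 'old_path', 'new_path', 'key'); the rename threshold and the
registry paths below are assumptions as well.
"""
from collections import Counter
import ntpath  # Windows path semantics regardless of the host OS

# Registry values that hold the configured country/locale (assumed set):
# the Windows GeoID under Control Panel\International\Geo\Nation and the
# system default locale under Control\Nls\Locale.
LOCATION_KEYS = (
    r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Locale",
)

RENAME_THRESHOLD = 50  # assumption: tune per environment


def appended_extension(old_path, new_path):
    """Return the suffix appended to old_path to produce new_path, else None.

    Ransomware typically keeps the original filename intact and appends a
    marker, e.g. 'report.docx' -> 'report.docx.locked'. A rename to a
    different name, a move to another directory, or a replaced extension
    ('d.txt' -> 'd.bak') does not count.
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir != new_dir:
        return None
    if not new_name.startswith(old_name + "."):
        return None
    ext = new_name[len(old_name) + 1:]
    return ext or None


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """Flag when at least `threshold` renames append the same extension."""
    suffixes = Counter()
    for ev in events:
        if ev.get("event") != "rename":
            continue
        ext = appended_extension(ev["old_path"], ev["new_path"])
        if ext:
            suffixes[ext.lower()] += 1
    if not suffixes:
        return None
    ext, count = suffixes.most_common(1)[0]
    if count >= threshold:
        return {"extension": ext, "count": count}
    return None


def detect_location_check(events):
    """Return the location-related registry keys the sample read."""
    return [ev["key"] for ev in events
            if ev.get("event") == "reg_read" and ev.get("key") in LOCATION_KEYS]


def build_sample_events(n_files=5907, ext="xyz"):
    """Constructed trace: one geofence lookup, n_files renames sharing one
    appended suffix, and three benign renames that must not be counted."""
    events = [{"event": "reg_read", "key": LOCATION_KEYS[0]}]
    for i in range(n_files):
        old = rf"C:\Users\Admin\Documents\file{i}.docx"
        events.append({"event": "rename", "old_path": old,
                       "new_path": old + "." + ext})
    events += [
        # different name
        {"event": "rename", "old_path": r"C:\tmp\a.txt", "new_path": r"C:\tmp\b.txt"},
        # moved to another directory
        {"event": "rename", "old_path": r"C:\tmp\c.txt", "new_path": r"C:\tmp\sub\c.txt.bak"},
        # extension replaced rather than appended
        {"event": "rename", "old_path": r"C:\tmp\d.txt", "new_path": r"C:\tmp\d.bak"},
    ]
    return events


if __name__ == "__main__":
    trace = build_sample_events()
    print(detect_mass_rename(trace))
    print(detect_location_check(trace))
```

The rename heuristic deliberately requires the original name to survive as a prefix; that is what separates the encrypt-and-tag pattern from ordinary bulk renames, and it is why the threshold can sit well below the 5907 hits seen in this report without firing on a user reorganising a folder.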

MITRE ATT&CK Enterprise v15

Tasks