Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-08-19...de.exe

windows7-x64

9

2024-08-19...de.exe

windows10-2004-x64

9

Resubmissions

19/08/2024, 02:08

240819-ckmz8ssapl 10

19/08/2024, 01:29

240819-bwmyyazelq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-08-19_f24e4d221c73ebf1c2fb12d15c13fde9_darkside

  • Size

    145KB

  • Sample

    240819-bwmyyazelq

  • MD5

    f24e4d221c73ebf1c2fb12d15c13fde9

  • SHA1

    019ef3cbd70a0c4e3ea5c45ec4afdc28a655ed81

  • SHA256

    4f006379bbd3a2b2611346595ce373595031177d7043200591d81150aefc8ee0

  • SHA512

    1508ebf2cba481eda06707d133b994932688d6d3be6c1373e9e88bf8c36a02331df31dc1a575b6e4ed8a160294c88ae8767115af16af94e51b1589bdeedd1629

  • SSDEEP

    3072:H6glyuxE4GsUPnliByocWepMIO/oULmUHI:H6gDBGpvEByocWeGy6

Score
10/10
lockbitdefense_evasiondiscoveryransomwarespywarestealer

Malware Config

Targets

    • Target

      2024-08-19_f24e4d221c73ebf1c2fb12d15c13fde9_darkside

    • Size

      145KB

    • MD5

      f24e4d221c73ebf1c2fb12d15c13fde9

    • SHA1

      019ef3cbd70a0c4e3ea5c45ec4afdc28a655ed81

    • SHA256

      4f006379bbd3a2b2611346595ce373595031177d7043200591d81150aefc8ee0

    • SHA512

      1508ebf2cba481eda06707d133b994932688d6d3be6c1373e9e88bf8c36a02331df31dc1a575b6e4ed8a160294c88ae8767115af16af94e51b1589bdeedd1629

    • SSDEEP

      3072:H6glyuxE4GsUPnliByocWepMIO/oULmUHI:H6gDBGpvEByocWeGy6

    Score
    9/10
    defense_evasiondiscoveryransomwarespywarestealer

    • Renames multiple (308) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks