General

  • Target

    2024-09-02_0041e8bf2ba98bc2aca9852d5667e244_bkransomware

  • Size

    6.7MB

  • Sample

    240902-ng5lnayfrm

  • MD5

    0041e8bf2ba98bc2aca9852d5667e244

  • SHA1

    5b9ae5d856e7fd5cb08538aed4360a933c46114e

  • SHA256

    34d1686143c6c81e76ec46086f81c65ccd17a46ca279da4c64691dd69af86049

  • SHA512

    8ab9d46a9d4e05ad5a823cb74e3f336d6bdc665aa443a62bd71ecb98603d9568cb3267893d2817fccd93719afa707ecaf1fcb162fcd501753a05bf1f7dbdfc7e

  • SSDEEP

    196608:/FC364Cf8WLJsckCEe6pwCmlZohTFLROTW8kD:nEWdscxPCXTFNOoD

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks