Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
14/09/2024, 02:43
Behavioral task
behavioral1
Sample
2024-09-14_f257d37c05d29e725071a900ef49f1c9_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-09-14_f257d37c05d29e725071a900ef49f1c9_wannacry.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-09-14_f257d37c05d29e725071a900ef49f1c9_wannacry.exe
-
Size
538KB
-
MD5
f257d37c05d29e725071a900ef49f1c9
-
SHA1
11fa3fc864d53a90cd4ed3c4e3e3aba3c7890fae
-
SHA256
aaf3cf701b06ca873f9fdbf5b4ba33722c6ecea49316a344df35926a45bce1fb
-
SHA512
945ce0d2305183bf5ab19a563259d9f8cf39b115608f254c15e8d29cc542807290975d49b8de344400493f106e23a196a92f0197154719a49d5c3ff684cd8fab
-
SSDEEP
3072:6XpAi2YcRVm16Pn6n0H7GMgXuD//bFLAkC8htEyR/x5Zt19r0d/rFLjZkJ:6XpAiWm16yaGMVFLQmEFFL2
Malware Config
Signatures
-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware 1 IoCs
resource yara_rule behavioral1/memory/2336-1-0x0000000000070000-0x00000000000FC000-memory.dmp family_chaos -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2336 2024-09-14_f257d37c05d29e725071a900ef49f1c9_wannacry.exe 2336 2024-09-14_f257d37c05d29e725071a900ef49f1c9_wannacry.exe 2336 2024-09-14_f257d37c05d29e725071a900ef49f1c9_wannacry.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2336 2024-09-14_f257d37c05d29e725071a900ef49f1c9_wannacry.exe