Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

DEVIL.exe

windows7-x64

DEVIL.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DEVIL.exe

  • Size

    82KB

  • Sample

    241002-avbnvayanr

  • MD5

    2150441385aa4c9a077161ba835ce528

  • SHA1

    cdd37f20aefdf4cd804423d490067616ce6a1088

  • SHA256

    bb81b7ee2f7a45c1d47ab1312886b7fe985cb4090b56fc216ba472486c430477

  • SHA512

    22947ba02700422a8ffec4cad5306e4d041359b636f71b6547c64077296747f698c3d5f8bcaf8b19451b74180105cf57688f5bffbf5ce86fb951c2fc4e361174

  • SSDEEP

    1536:QcpG/9Qa/9frl4yHoAhQUkvJlyloYJ2XStaIu2BgwtbN9ln0e7:Fs/qa/LBHiUkvpYJzdBgwVB7

Score
10/10
evasionpersistenceransomware

Malware Config

Targets

    • Target

      DEVIL.exe

    • Size

      82KB

    • MD5

      2150441385aa4c9a077161ba835ce528

    • SHA1

      cdd37f20aefdf4cd804423d490067616ce6a1088

    • SHA256

      bb81b7ee2f7a45c1d47ab1312886b7fe985cb4090b56fc216ba472486c430477

    • SHA512

      22947ba02700422a8ffec4cad5306e4d041359b636f71b6547c64077296747f698c3d5f8bcaf8b19451b74180105cf57688f5bffbf5ce86fb951c2fc4e361174

    • SSDEEP

      1536:QcpG/9Qa/9frl4yHoAhQUkvJlyloYJ2XStaIu2BgwtbN9ln0e7:Fs/qa/LBHiUkvpYJzdBgwVB7

    Score
    10/10
    evasionpersistenceransomware

    • Modifies WinLogon for persistence

      persistence

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks