Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871faN
-
Size
4.9MB
-
Sample
241021-c1ry5awcqm
-
MD5
577e39ec86dc40ba5b4d5f2f72cc86b0
-
SHA1
478ffeae8689f1bc11dc5e93be201a671b7432db
-
SHA256
3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871fa
-
SHA512
0fed7ef6faf0fd6ee905356b0faad4fe3a3bc490edac2fdca6b822902be102e70894c65ef88707c0849b54d73e2c0c6ab49cfc4395124c38a894fb0e00ef6033
-
SSDEEP
49152:9bKpDOfjxAkrQKl+RPAFI1l42m+AIGvyRCgZT63MCELe:0paAKQkroGIC
Static task
static1
Behavioral task
behavioral1
Sample
3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871faN.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871faN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871faN
-
Size
4.9MB
-
MD5
577e39ec86dc40ba5b4d5f2f72cc86b0
-
SHA1
478ffeae8689f1bc11dc5e93be201a671b7432db
-
SHA256
3a9e400a82ba9eb1def60b00dba7c8a3ac218387187ff021d6a01413b2f871fa
-
SHA512
0fed7ef6faf0fd6ee905356b0faad4fe3a3bc490edac2fdca6b822902be102e70894c65ef88707c0849b54d73e2c0c6ab49cfc4395124c38a894fb0e00ef6033
-
SSDEEP
49152:9bKpDOfjxAkrQKl+RPAFI1l42m+AIGvyRCgZT63MCELe:0paAKQkroGIC
Score9/10-
Renames multiple (316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-