Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
123s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
25/02/2025, 20:07
Static task
static1
Behavioral task
behavioral1
Sample
2adcf43d221de2f72ba5088dac3a3193219412882df711d095f04e3f5b40767c.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2adcf43d221de2f72ba5088dac3a3193219412882df711d095f04e3f5b40767c.exe
Resource
win10v2004-20250217-en
General
-
Target
2adcf43d221de2f72ba5088dac3a3193219412882df711d095f04e3f5b40767c.exe
-
Size
2.1MB
-
MD5
57ebf50902949e13220b379c136db8a7
-
SHA1
75d55564986c8fb2d24c2f467e9c0cd2196a2055
-
SHA256
2adcf43d221de2f72ba5088dac3a3193219412882df711d095f04e3f5b40767c
-
SHA512
77d90317289a247c1bda59e378b9073cf2c1a8d30763bd68c33b8a256f1dc2edb1f380dafd1572a2f762a4400f15d52c9375d4314c07faa3f78ee7011508de33
-
SSDEEP
49152:6VkETZV9OLiWLunGxHqsEbtNPDLzA7YzminZ:VETAi4EgHqsEpFL
Malware Config
Signatures
-
BlackSuit
A ransomware first detected in May 2023 linked to the Conti group.
-
Blacksuit_windows family
-
Detects the Windows variant of BlackSuit Ransomware 2 IoCs
resource yara_rule behavioral2/memory/3964-1-0x0000000002400000-0x0000000002459000-memory.dmp family_blacksuit_windows behavioral2/memory/3964-2-0x0000000002400000-0x0000000002459000-memory.dmp family_blacksuit_windows -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2adcf43d221de2f72ba5088dac3a3193219412882df711d095f04e3f5b40767c.exe