Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
44000c80effa84d7b149003e07b9c73ebfdb73f21672f6beee69f6a298c226fb
-
Size
56.0MB
-
Sample
250307-3rm7payzay
-
MD5
bf362ca5f9b4dfa01b0ca45937f0f8d2
-
SHA1
0dac7e77257f51ee11e04803874d764e8fa8ae3a
-
SHA256
33e648333f7d85219d6b82e64c44f9ee849e99da8691deddcb34ee694c73c538
-
SHA512
4b83fd771113cdfc2c4c4a58546802e8e8d115a546193b74a5eccd73a1420819a4f5c117b1a33cb5c715fad5bb3513b472dfd81af928a9c24290abe5fad39497
-
SSDEEP
196608:cmKu818v8SYdQmRm8Qnf2ODjMnGydS8GrNs:Gu81olYdQdF3MnG38GrNs
Malware Config
Targets
-
-
Target
44000c80effa84d7b149003e07b9c73ebfdb73f21672f6beee69f6a298c226fb
-
Size
56.0MB
-
MD5
bf362ca5f9b4dfa01b0ca45937f0f8d2
-
SHA1
0dac7e77257f51ee11e04803874d764e8fa8ae3a
-
SHA256
33e648333f7d85219d6b82e64c44f9ee849e99da8691deddcb34ee694c73c538
-
SHA512
4b83fd771113cdfc2c4c4a58546802e8e8d115a546193b74a5eccd73a1420819a4f5c117b1a33cb5c715fad5bb3513b472dfd81af928a9c24290abe5fad39497
-
SSDEEP
196608:cmKu818v8SYdQmRm8Qnf2ODjMnGydS8GrNs:Gu81olYdQdF3MnG38GrNs
Score10/10-
Avoslocker Ransomware
Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.
-
Avoslocker family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (7662) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1