General

  • Target

    11_memory_f_1_multibabyk_ST_1.bin

  • Size

    87KB

  • Sample

    250307-jpac9sxkw8

  • MD5

    3f2e642dc312962a86dceb2fff35fd22

  • SHA1

    7ade3be0403d0dcda6172518d45a7cfd7c57ea50

  • SHA256

    71fe435814c3fecfc901b76d4f89bf09f9479ceacffc0fb00dbe5f37e4c9956f

  • SHA512

    18146d8168ef73decaeffda8302adfa4b788ab4879599551f549cb7d71bc2df19a927e1e7f65574601f7edaa6d43458c4023cd6c0a477665b99a357cf61b0dd0

  • SSDEEP

    1536:MQRJMCUzAtXsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2NMNuQEoZF:PMCdpsrQLOJgY8Zp8LHD4XWaNH71dLd4

Malware Config

Targets

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (212) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks