General

  • Target

    11_memory_f_1_multibabyk_ST_3.bin

  • Size

    79KB

  • Sample

    250307-kgrs1sw1gs

  • MD5

    4a5472fa1e3b923e585bb13c469a99eb

  • SHA1

    a07741da1ba6de1960de4e06af08fe77368bc294

  • SHA256

    5ca729238554fae412f5feee27a9a64ed7bc6ade3df2fdbd5380ee651a96ed7d

  • SHA512

    d8d2cf4302d48f944801f59cf41987951ac87065babd46bd82205977ad4066207037acd2576245b5cf55f07ac46c99dfee999cf4a18a757125e60e447e9fa212

  • SSDEEP

    1536:E+h4cLq0mzb9srQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nbX:T4cLEf9srQLOJgY8Zp8LHD4XWaNH71dP

Malware Config

Targets

    • Target

      11_memory_f_1_multibabyk_ST_3.bin

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (137) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks