General

  • Target

    2025-03-09_a3c743ce30d2d73701b720a2099deb45_babuk_destroyer

  • Size

    80KB

  • Sample

    250309-askhzawjz6

  • MD5

    a3c743ce30d2d73701b720a2099deb45

  • SHA1

    dc290014c229c65d507c0823f60c84c9d91ed9d2

  • SHA256

    6e71fb30112be845738ea4e85e34735644f1a95c6755882c0e77ede06d86aae5

  • SHA512

    e2e2d8ea5881523d24eb8b356cf7aacf5a4f3918294507d4bb57e8b275b442e5a7134be6ad9d9b1f4db0ea440abcbbac0578ff37ba763b5178d2569286b3c661

  • SSDEEP

    1536:jHNWBeGTaJYisrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2qMB:cBeJ2isrQLOJgY8Zp8LHD4XWaNH71dLP

Malware Config

Targets

    • Babuk Locker

      RaaS first seen in 2021, initially called Vasa Locker.

    • Babuk family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (175) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
