Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

403a1s0ssssd7da.exe

windows7_x64

10

403a1s0ssssd7da.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    403a1s0ssssd7da.exe

  • Size

    717KB

  • Sample

    200709-4hvg5kw1ja

  • MD5

    b7409b7d45794e78aeaeb8b8b0dcac74

  • SHA1

    a800da4d4a34db9ae4435ebff81fcf7dcae808fc

  • SHA256

    f9397a0438f1e3a8d03aa326dc4910482df49dd295228d9a4dda1f55247fd6e3

  • SHA512

    2c5e6a560d4b3721404e99617c69c5e7f194040563167662b9269f5c6229a3257a38b6c2cddf6bc79dd7c10a7f506225c6e034fee178a8d9965a4ba222a56783

Score
10/10
evasionpersistenceransomwarespywaretrojan

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Read_Me.txt

Ransom Note
Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://7rzpyw3hflwe2c7h.onion/?AAAAAAAA 5. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/
URLs

http://7rzpyw3hflwe2c7h.onion/?AAAAAAAA

http://helpqvrg3cc5mvb3.onion/

Extracted

Path

\??\M:\Read_Me.txt

Ransom Note
Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://7rzpyw3hflwe2c7h.onion/?VMOPRTUW 5. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/
URLs

http://7rzpyw3hflwe2c7h.onion/?VMOPRTUW

http://helpqvrg3cc5mvb3.onion/

Targets

    • Target

      403a1s0ssssd7da.exe

    • Size

      717KB

    • MD5

      b7409b7d45794e78aeaeb8b8b0dcac74

    • SHA1

      a800da4d4a34db9ae4435ebff81fcf7dcae808fc

    • SHA256

      f9397a0438f1e3a8d03aa326dc4910482df49dd295228d9a4dda1f55247fd6e3

    • SHA512

      2c5e6a560d4b3721404e99617c69c5e7f194040563167662b9269f5c6229a3257a38b6c2cddf6bc79dd7c10a7f506225c6e034fee178a8d9965a4ba222a56783

    Score
    10/10
    ransomwarepersistencespywareevasiontrojan

    • Modifies Installed Components in the registry

      persistence

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Enumerates connected drives

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks