Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
72s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
10/07/2020, 17:40
General
-
Target
e942a8bcb3d4a6f6df6a6522e4d5c58d25cdbe369ecda1356a66dacbd3945d30.bin.exe
-
Size
643KB
-
MD5
ce9c4f5439c48aeeca3bc9f2cdfaf826
-
SHA1
8ec10319d7a8f3dc651d4a66d3b8297abf1f895e
-
SHA256
e942a8bcb3d4a6f6df6a6522e4d5c58d25cdbe369ecda1356a66dacbd3945d30
-
SHA512
574549c5d2554889a96fd985a806ed01db0028890c5f114af7c59eb4b59990979652b214e92fb0126fc61719144ff162465020940d87c825e37744d92e43f4da
Score
10/10
Malware Config
Extracted
Path
\??\Volume{44af7660-0000-0000-0000-500600000000}\odt\!!FAQ for Decryption!!.txt
Ransom Note
Good day. All your files are encrypted. For decryption contact us.
Write here [email protected]
We also inform that your databases, ftp server and file server were downloaded by us to our servers.
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software,
it may cause permanent data loss.
Emails
Signatures
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e942a8bcb3d4a6f6df6a6522e4d5c58d25cdbe369ecda1356a66dacbd3945d30.bin.exe"C:\Users\Admin\AppData\Local\Temp\e942a8bcb3d4a6f6df6a6522e4d5c58d25cdbe369ecda1356a66dacbd3945d30.bin.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/c del C:\Users\Admin\AppData\Local\Temp\e942a8bcb3d4a6f6df6a6522e4d5c58d25cdbe369ecda1356a66dacbd3945d30.bin.exe >> NUL2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB