Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
111s -
max time network
117s -
platform
windows7_x64 -
resource
win7 -
submitted
04/08/2020, 07:03
General
-
Target
271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad.exe
-
Size
1.1MB
-
MD5
a12e733ddbe6f404b27474fa0e5de61d
-
SHA1
e8d0c95621a19131ef9480e58a8d6dd3d15c9acd
-
SHA256
271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad
-
SHA512
f27605a283e958690eb7ad50aa46110b6d155217ad09d658ad3f9c4368d4c66ab623a0cc3489d695a02db462fec3bcf8ebee13f9da1bd61e2e3db46de2d73ddf
Score
10/10
Malware Config
Extracted
Path
\??\Volume{a2da1a04-afea-11ea-ab7e-806e6f6e6963}\Program Files\7-Zip\Lang\!!FAQ for Decryption!!.txt
Ransom Note
Good day. All your files are encrypted. For decryption contact us.
Write here [email protected]
We also inform that your databases, ftp server and file server were downloaded by us to our servers.
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software,
it may cause permanent data loss.
Emails
Signatures
-
Suspicious use of WriteProcessMemory 4 IoCs
-
Deletes itself 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad.exe"C:\Users\Admin\AppData\Local\Temp\271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe/c del C:\Users\Admin\AppData\Local\Temp\271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad.exe >> NUL2⤵
- Deletes itself
-