Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

invoice_NQ_Supply.xls

windows7_x64

10

invoice_NQ_Supply.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice_NQ_Supply.xls

  • Size

    83KB

  • Sample

    210122-f2e17cd27a

  • MD5

    50fecec126570e4b8fcd531d6711879a

  • SHA1

    9166aee4a6815e4f67e0ae43344d8ca144958d47

  • SHA256

    c7e40628fb6beb52d9d73a3b3afd1dca5d2335713593b698637e1a47b42bfc71

  • SHA512

    5f6d88626024811fd05af98d35a2e54a87ce5c8929d56c8bc49d718417b3370af7aa9a66c46007c600c5ec608a0f91f1e952738ee35cd3aebe28b4db46a2c042

Score
10/10
teslacryptdiscoveryevasionransomwaretrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt

Ransom Note
Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. We also downloaded your corporate files (databases, tables, accounting information, etc.) and we will have to publish them if you do not agree to cooperation. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Key Identifier: MrdspKpEvSZKY8uLASEE5yMvxwD7P4ziTOK9r5PffokBqapJBEBgD84xDzSY16f7pDxYlK2w4nSJdL+Lj5mLGG/YBcqY+yN4UBjlWNgX/P4FMpNKXAFwfDn/+oxLntKrr86lkqUpY1geXHigIHd6EHyQZjepy0XmU01FMToV6iBSvP08bXHL63DGRHNFHtwUdCHt5Zo4jFaiWM+FSs8PuJ7SPPmZb9QBcHdrCRkCSqQ0oVnKLX9VtVQsONKPXQIoEjOAHPIuuL+U0oexM3febm7VyohuBQXDFylwK8I5NGPBLncu/IOCShNBz9faoN+q10aliTaOQ3YxtnTU8QAG1WVzOFGWSsiK3J/wIFVxT0XkNrE5HrHXPOghu06YIxH3GNK2G38WVmEJ6KuYHkjkcwgYp89D6L1cRRd5Dl3or3ELyTKt27mpfxyhMWM+aFb19W4/gpFIQB6OxXdY+tPj1KEj3XU1ldXLM+C4q6OzZ9njxZsB3kefIuIpci3KGE17WDfC3wYTgHS03NgPXrcphbtA8UPUUG+deK360Dw49CLRjj8gMy6K5fS8tXY7ZQGVndtM9/2OwhTVCrvfpOaWkm8U7kyAaa2MVnIQ9QMR53OVDswc6sntkL6NnOfHUVWWqby3SmvPWZDpu+jqhsU7ws6RWFS50PgkijJuua+aDbk=

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://iffusedtrac.xyz/3/bbc.exe

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt

Ransom Note
Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. We also downloaded your corporate files (databases, tables, accounting information, etc.) and we will have to publish them if you do not agree to cooperation. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Key Identifier: KPZ/CMgT0KiODRTwt2zSKOkxl3cDK+8DyFNytpYegKyHmo18iqtQz+v0/qiFXBi4RBsdSyzYNlvcXQelASvyF4U1ZE77C1oJPpdW/wNoE8jrds3OYW4tYjFI7H9g3xh0fOBa4tagyZZu8etC6YN7brgKN6A70yPO0lRobkQ7KR0aibiZTijL35MX47051zbQySUQKYdk2Wh3oa2H0WXumh/SV/A/Rtig0qjYLozuo2LlKRYBFoLJdqGSPDpfdqklm47j3ZasKaG/irZOTqYFPZF+g7Fnpm+yrlEHZjeRRXoKFsxl0+xth7YEfKEsjFAIngrD0iG33sgJRtbQ2nv1cy1zi5nT96dqll72IIsUIm6tGEwzf6Gsq6svheSVscECVidJT61lDV97f3mOMd/FUWWnW+2hyulFXpEhjfHZ/gAPWZIWVx/gqsn7/cLMy4hFvxzdILTCHxIQ1VkarJ9TCUGDJlUGgCO/t5mYxGZ8hpon+4DFZUOF61yJlNp0WkbBFeXD1vRaleQ5nQdhejvWJzBAvPphn8PzArG20YmRw1ObVQTxDJH/bzte6gw39t/0HhIE61OJjErr/JPlICwBj81BPQgiiZatvn66i4erS+ppWkU0alWa9o0YIpMYluv8R/YErOWwqniI8QOe5j+XAPWZi8cB7Jz1x9Rj7Tn0hxw=

Targets

    • Target

      invoice_NQ_Supply.xls

    • Size

      83KB

    • MD5

      50fecec126570e4b8fcd531d6711879a

    • SHA1

      9166aee4a6815e4f67e0ae43344d8ca144958d47

    • SHA256

      c7e40628fb6beb52d9d73a3b3afd1dca5d2335713593b698637e1a47b42bfc71

    • SHA512

      5f6d88626024811fd05af98d35a2e54a87ce5c8929d56c8bc49d718417b3370af7aa9a66c46007c600c5ec608a0f91f1e952738ee35cd3aebe28b4db46a2c042

    Score
    10/10
    teslacryptevasionransomwaretrojandiscovery

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • TeslaCrypt, AlphaCrypt

      Ransomware based on CryptoLocker. Shut down by the developers in 2016.

      ransomwareteslacrypt

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Windows security modification

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks