Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

23e95ba676...7f.exe

windows7_x64

10

23e95ba676...7f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f

  • Size

    121KB

  • Sample

    210710-xebwb6wmen

  • MD5

    7364f6222ac58896e8920f32e4d30aac

  • SHA1

    915fd6fb4e20909025f876f3bb453ec52e21b7be

  • SHA256

    23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f

  • SHA512

    f5e2b5a17ed04c7edb904e867cec2f66a59b887176bd3e25803e82a390fc36fc47002df747099ca4e6960f020afe1137f4ba24b28613423b5de0b09ff7048026

Score
10/10
ryukdiscoveryransomware

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note
contact balance of shadow universe Ryuk $password = 'RCCF8gd'; $torlink = 'http://rdmnobnbtxh5sm3iiczazaregkpyyub3gktwneeehx62tyot5bc4qhad.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};
URLs

http://rdmnobnbtxh5sm3iiczazaregkpyyub3gktwneeehx62tyot5bc4qhad.onion

Targets

    • Target

      23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f

    • Size

      121KB

    • MD5

      7364f6222ac58896e8920f32e4d30aac

    • SHA1

      915fd6fb4e20909025f876f3bb453ec52e21b7be

    • SHA256

      23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f

    • SHA512

      f5e2b5a17ed04c7edb904e867cec2f66a59b887176bd3e25803e82a390fc36fc47002df747099ca4e6960f020afe1137f4ba24b28613423b5de0b09ff7048026

    Score
    10/10
    ryukdiscoveryransomware

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks