Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

sample.exe

windows7_x64

10

sample.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    563daaab9f9d7be02f037c540d561c424aa3e5efc6a9a5c8d58858d98e2aae3c.bin.sample.gz

  • Size

    512KB

  • Sample

    220504-x7mm7sedf4

  • MD5

    ef4226c10af292d1557bd29e1f3989e2

  • SHA1

    843556c663704a87a273e97e7f7db0222962e1b4

  • SHA256

    8411bca3ef85f5da19c00b3181545be884dde58b0683a9d39d7d1b98747a8305

  • SHA512

    ccf0190e0f309f27126e8b5ac1e6e49ecbd09d7d4d29903bcfdeadd935543195f3eb6644e2a904fd46c6d4a0a771fd39e84064d91512cc85fcd122fc9dad710c

Score
10/10
evasionransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Read_Me!_.txt

Ransom Note
All Your Files Encrypted And Sensitive Data Downloaded (Financial Documents,Contracts,Invoices etc.. ). To Get Decryption Tools You Should Buy Our Decrption Tools And Then We Will Send You Decryption Tools And Delete Your Sensitive Data From Our Servers. If Payment Is Not Made We have to Publish Your Sensitive Data If Necessary Sell Them And Send Them To Your Competitors And After A While Our Servers Will Remove Your Decrypion Keys From Servers. Your Files Encrypted With Strongest Encryption Algorithm So Without Our Decryption Tools Nobody Can't Help You So Do Not Waste Your Time In Vain! Your ID: 3sK3OK Email Address: [email protected] In Case Of Problem With First Email Send Us Mail At : [email protected] Send Your ID In Email And Check Spam Folder. This Is Just Business To Get Benefits, If Do Not Contact Us After 48 Hours Decryption Price Will x2. What Guarantee Do We Give You ? You Should Send Some Encrypted Files To Us For Decryption Test. ---------------------------------------------------------------------- Attention! Do Not Edit Or Rename Encrypted Files. Do Not Try To Decrypt Files By Third-Party Or Data Recovery Softwares It May Damage Files. In Case Of Trying To Decrypt Files With Third-Party Sofwares,This May Make The Decryption Harder So Prices Will Be Rise. ---------------------------------------------------------------------- How To Buy Bitcoin : Buy Bitcoin Instructions At LocalBitcoins : https://localbitcoins.com/guides/how-to-buy-bitcoins Buy Bitcoin Instructions At Coindesk And Get More Info By Searching At Google : https://www.coindesk.com/learn/how-can-i-buy-bitcoin/

Extracted

Path

C:\Read_Me!_.txt

Ransom Note
All Your Files Encrypted And Sensitive Data Downloaded (Financial Documents,Contracts,Invoices etc.. ). To Get Decryption Tools You Should Buy Our Decrption Tools And Then We Will Send You Decryption Tools And Delete Your Sensitive Data From Our Servers. If Payment Is Not Made We have to Publish Your Sensitive Data If Necessary Sell Them And Send Them To Your Competitors And After A While Our Servers Will Remove Your Decrypion Keys From Servers. Your Files Encrypted With Strongest Encryption Algorithm So Without Our Decryption Tools Nobody Can't Help You So Do Not Waste Your Time In Vain! Your ID: mnelHr Email Address: [email protected] In Case Of Problem With First Email Send Us Mail At : [email protected] Send Your ID In Email And Check Spam Folder. This Is Just Business To Get Benefits, If Do Not Contact Us After 48 Hours Decryption Price Will x2. What Guarantee Do We Give You ? You Should Send Some Encrypted Files To Us For Decryption Test. ---------------------------------------------------------------------- Attention! Do Not Edit Or Rename Encrypted Files. Do Not Try To Decrypt Files By Third-Party Or Data Recovery Softwares It May Damage Files. In Case Of Trying To Decrypt Files With Third-Party Sofwares,This May Make The Decryption Harder So Prices Will Be Rise. ---------------------------------------------------------------------- How To Buy Bitcoin : Buy Bitcoin Instructions At LocalBitcoins : https://localbitcoins.com/guides/how-to-buy-bitcoins Buy Bitcoin Instructions At Coindesk And Get More Info By Searching At Google : https://www.coindesk.com/learn/how-can-i-buy-bitcoin/

Targets

    • Target

      sample

    • Size

      1.1MB

    • MD5

      a56644a519d6fce5f20a744ae3820af2

    • SHA1

      93acd978da4a602c9ea1a23b6a97d74ced436e56

    • SHA256

      563daaab9f9d7be02f037c540d561c424aa3e5efc6a9a5c8d58858d98e2aae3c

    • SHA512

      5ee5ae6d10bb4c3290664454666bd5f82d694bb772d9d5e6dc9e29cb7129cf696ac5b694676eb78074e4196a459e66f6b34b920017af1cd2addb35a1e1b85416

    Score
    10/10
    evasionransomwarespywarestealertrojan

    • UAC bypass

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks