Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

a9503a3d99...25.exe

windows7-x64

10

a9503a3d99...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625.exe

  • Size

    830KB

  • Sample

    221130-3a2czshc2s

  • MD5

    a2086f41bc06adc69517bc0d9c07bf6e

  • SHA1

    1d30388c1235da56a2f17d645f0a66ead7b59159

  • SHA256

    a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625

  • SHA512

    10432474743e46dda5e9247aae8b8c7c474fd4a0521e30d5be09942f88c2cd6ce7bde89b7858dd9f28b63bb3b515817a4ca4a6f82c5998d5e482645bb8d6fc30

  • SSDEEP

    24576:qPCxmUtjDcK/IhU06NZim3gG8jq+wh+A:stUtfcANY/m

Score
10/10
blackbastaransomwareupx

Malware Config

Extracted

Path

C:\readme.txt

Ransom Note
Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: 460c3c4c-c19d-4567-b16a-a28e49949214 @>B
URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

    • Target

      a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625.exe

    • Size

      830KB

    • MD5

      a2086f41bc06adc69517bc0d9c07bf6e

    • SHA1

      1d30388c1235da56a2f17d645f0a66ead7b59159

    • SHA256

      a9503a3d998e705c37d3bec7fea0ff188bcf7e753833c8b4b195e590c4ed9625

    • SHA512

      10432474743e46dda5e9247aae8b8c7c474fd4a0521e30d5be09942f88c2cd6ce7bde89b7858dd9f28b63bb3b515817a4ca4a6f82c5998d5e482645bb8d6fc30

    • SSDEEP

      24576:qPCxmUtjDcK/IhU06NZim3gG8jq+wh+A:stUtfcANY/m

    Score
    10/10
    blackbastaransomwareupx

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Black Basta payload

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks