Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1dd04aab97...3c.exe

windows7-x64

10

1dd04aab97...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1dd04aab97d6b65ac93ae3e8cfb4d3175d99f5b0395418abeb771d2db364cd3c

  • Size

    463KB

  • Sample

    221203-g3dlqsfa31

  • MD5

    5edfa63f8223527b790d7f47ec29ad48

  • SHA1

    d4c544274ea89f1d10cb5b4c7ac54ebbb72b2651

  • SHA256

    1dd04aab97d6b65ac93ae3e8cfb4d3175d99f5b0395418abeb771d2db364cd3c

  • SHA512

    d29a03cd0f2f7a114b866ae923d458c96d3653bc104cd640d67a02d5d6a9eb51cd503eec45811b8379e543af9ba561ee9f89c279cbd3233e4d28662c692a6d8b

  • SSDEEP

    12288:CegEga9b161lmK0IgvcjTxIn5FV6NFVINaZcR9JXy:CegEFm1wK01vcjannV6NFca49JXy

Score
10/10
blackbastaransomware

Malware Config

Extracted

Path

C:\MSOCache\readme.txt

Ransom Note
Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Your company id for log in: aa6b49d0-713d-46fb-b7ac-fb5605e2ac0a
URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

    • Target

      1dd04aab97d6b65ac93ae3e8cfb4d3175d99f5b0395418abeb771d2db364cd3c

    • Size

      463KB

    • MD5

      5edfa63f8223527b790d7f47ec29ad48

    • SHA1

      d4c544274ea89f1d10cb5b4c7ac54ebbb72b2651

    • SHA256

      1dd04aab97d6b65ac93ae3e8cfb4d3175d99f5b0395418abeb771d2db364cd3c

    • SHA512

      d29a03cd0f2f7a114b866ae923d458c96d3653bc104cd640d67a02d5d6a9eb51cd503eec45811b8379e543af9ba561ee9f89c279cbd3233e4d28662c692a6d8b

    • SSDEEP

      12288:CegEga9b161lmK0IgvcjTxIn5FV6NFVINaZcR9JXy:CegEFm1wK01vcjannV6NFca49JXy

    Score
    10/10
    blackbastaransomware

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks