Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

NinjaRippe...up.exe

windows7-x64

8

NinjaRippe...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/02/2023, 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NinjaRipper2011beta_setup.exe

  • Size

    99.7MB

  • MD5

    9f75e1cf90e9acac0d72de9e3d3af1b5

  • SHA1

    0721ee460bae9a1549d205389960688c39baf93a

  • SHA256

    f683a83f9974c75a7fd162b114fe21aded2e14ed2dddea537c127232a7b20a2f

  • SHA512

    bca90b1a1228d4bff0c0e3739466b8348b96215efe8ac31ba175aeb9420ffab49fd033b62e9e17b656439bfeb41eb7c7c74860401d17adc911045615f09507f0

  • SSDEEP

    3145728:e5l7VvuMWJB+X5xQWlsHKakt9ywT4Bj4YfvMZ:u5VGMWT+UcfakWrff0Z

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\NinjaRipper2011beta_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\NinjaRipper2011beta_setup.exe"
    1⤵
    • Loads dropped DLL
    PID:1556

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst502.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    90bb49f3fd416f912a637526914bd044

    SHA1

    626051dd6c759a5b847664549736c37aba9ede5a

    SHA256

    1f8e8f336df6773d6b63bd5a7efbfc889d08888fec55da402eaf93cb950aa283

    SHA512

    5156923f51be2057f7003577b46732f6b0b0bb55402f49df3747085b9802b3a2492cd5f087ef988db5a69f241c10163ada0e649b149da8a198b7fc2cc83334e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst502.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    90bb49f3fd416f912a637526914bd044

    SHA1

    626051dd6c759a5b847664549736c37aba9ede5a

    SHA256

    1f8e8f336df6773d6b63bd5a7efbfc889d08888fec55da402eaf93cb950aa283

    SHA512

    5156923f51be2057f7003577b46732f6b0b0bb55402f49df3747085b9802b3a2492cd5f087ef988db5a69f241c10163ada0e649b149da8a198b7fc2cc83334e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst502.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    08de81a4584f5201086f57a7a93ed83b

    SHA1

    266a6ecc8fb7dca115e6915cd75e2595816841a8

    SHA256

    4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6

    SHA512

    b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

    Download Submit