General

  • Target: 7177160e81c4ed90b8e6551d1dcb1877f697cbc9faa6b66f85976e2a4179154f
  • Size: 702KB
  • Sample: 230314-w9ppxaba9s
  • MD5: ab8f0580cc0d74e0215e7de19515c8a6
  • SHA1: acbbba95fc6982f63bcc1981d7d33df26a8d439d
  • SHA256: 7177160e81c4ed90b8e6551d1dcb1877f697cbc9faa6b66f85976e2a4179154f
  • SHA512: dfe6b8194dcd56599dba09be3b5746350dee3572f34a4661c42a4597e5938c4a3d82300b7eacb116c68ec0c974c10abf3ad51aa36bbcf4ce043754aca73fce96
  • SSDEEP: 12288:U4LGLJtHUGH3HV3y9dsrlHMg2i6lqHIAkIdV2:YxHV3g2HmlPM

Score
10/10

Malware Config

Extracted

Path: C:\Program Files\Common Files\microsoft shared\ClickToRun\ReadMe.txt

Ransom Note:

Attention! All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
The server with your decryptor is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
1. Download Tor browser - https://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: http://34vm2smykaqtzzzm4bgycfzg5fwyhhksrkpahdbiswmmuwuu7hmvuvqd.onion/?501GYZBDEGH
5. and open ticket
----------------------------------------------------------------------------------------
Alternate communication channel here: https://yip.su/2QstD5

URLs:

  • http://34vm2smykaqtzzzm4bgycfzg5fwyhhksrkpahdbiswmmuwuu7hmvuvqd.onion/?501GYZBDEGH
  • https://yip.su/2QstD5

Targets

    Score: 10/10

    Signatures

    • Drops desktop.ini file(s)
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6