Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

ec662c7327...a9.exe

windows7-x64

10

ec662c7327...a9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9.exe.zip

  • Size

    72KB

  • Sample

    231201-spnekacb8y

  • MD5

    30c8e8e7cdb38914ae203563d4e199f0

  • SHA1

    31873e82c28a8eb96dd2388d9bb59e4ad3055046

  • SHA256

    a0ddb10979667a20187730c348cea1d556ec4d493e50cb765ce2a019d8ebde2c

  • SHA512

    aba87765ca06e3568944ee16af1c14419ce6d67ffbd7778f3e6a09c78dec03c3688d93677cb0a9b40505abea87493ee91de0f49cf93f98f19ea08825f6614499

  • SSDEEP

    1536:+SGNMyzQE6CfQSm6ubfGCa9r55dThisIye7rDucxpOLLbQ05m:+S8aCfC6oGH5ntisoua0PbY

Score
10/10
ryukransomwareupx

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note
buricoume1976@protonmail.com balance of shadow universe Ryuk
Emails

buricoume1976@protonmail.com

Targets

    • Target

      ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9.exe

    • Size

      76KB

    • MD5

      1fff77fb1958e7f730bb4de627a24d57

    • SHA1

      c3b071d324f095381bc604a46e1b8c5a89c68822

    • SHA256

      ec662c73279f4a3772e3e549b07bcd67803292981afae931df4b63d47f6ac2a9

    • SHA512

      53842ccf9a28f908f3e4ded42e5e925ce5c737c3b6458c6287f298cea948ecbac9ad18369f6b20665d6e0336e38b51d6aad43ec3bfbc155880b9361eef7acc61

    • SSDEEP

      1536:+ukv6BlkOCJSlq3//M/NqKTmPCQASm/dKRYHQiY0aB6:yvqlkOCJSQ3XM4P4SaKRYwF0aB

    Score
    10/10
    ryukransomwareupx

    • Ryuk

      Ransomware distributed via existing botnets, often Trickbot or Emotet.

      ransomwareryuk

    • Renames multiple (5189) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.