General

  • Target

    de10b8454ebb363ab1469cebbd9898b2df591101806aedd9aab0b8b16139c806

  • Size

    4.8MB

  • Sample

    240101-sgesfsfeb2

  • MD5

    14888882bcf01c20a4a45bb9aa2b35f7

  • SHA1

    50915c9c2855987e1191bbd2c510e067150b2a0f

  • SHA256

    de10b8454ebb363ab1469cebbd9898b2df591101806aedd9aab0b8b16139c806

  • SHA512

    c7ae29fddc996e4172672d8e28466f23e3afdbd458345679b5895b1d94e5cdd8120e51480837929b08d1373690aadecb601b7b0dc08ad47b36338c621a2d7436

  • SSDEEP

    49152:vLiH3r02PBZrb/T5vO90dL3BmAFd4A64nsfJF4QWjmy25yr5nBFwLYgN4Ew5Ew1e:G3BlGy2CGyEkVHBhfwjPTBL5TJhLRp

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\HOW TO RESTORE YOUR TIYWEPXB FILES.TXT

Ransom Note
Dear Management

We inform you that your network has undergone a penetration test, during which we encrypted your files and downloaded more than 100 GB of your data (most from your PD), including:

  • Accounting
  • Confidential documents
  • Personal data
  • Copy of some mailboxes

Important! Do not try to decrypt the files yourself or using third-party utilities. The only program that can decrypt them is our decryptor, which you can request from the contacts below. Any other program will only damage files in such a way that it will be impossible to restore them.

You can get all the necessary evidence, discuss with us possible solutions to this problem and request a decryptor by using the contacts below.

Please be advised that if we don't receive a response from you within 3 days, we reserve the right to publish files to the public.

Contact us: [email protected] or [email protected]

Targets

    • Clears Windows event logs

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Stops running service(s)

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks