Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

9befb88861...fN.exe

windows7-x64

10

9befb88861...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9befb88861ef0fed20aab3ba204ac8ca250f68930f685485898c7c18d262c0cfN

  • Size

    612KB

  • Sample

    241030-rm37kavhjr

  • MD5

    d6b5b3d0a17b1f347665d4e55f8b3df0

  • SHA1

    205749f118c2ca5cb822556e6f50ca86c3ee78b3

  • SHA256

    9befb88861ef0fed20aab3ba204ac8ca250f68930f685485898c7c18d262c0cf

  • SHA512

    6dccfca6772e302a4abbddaefcdaad718c106005b7d627a0a6ca91c3325355448ce43432bef8f3229c7c35bcb8c28b1bc8a8dbb670d53ba842b9430c4b2015df

  • SSDEEP

    12288:k1XgVeBOuW1cLcOtoqSuL0xkpPc9EcgyCBUxaNH3bCdGP/g7i7s:k1XgVeBOuW1cLcOtoqmkpP91bCdk/Fs

Score
10/10
ransomwarespywarestealer

Malware Config

Extracted

Path

C:\#HowToRecover.txt

Ransom Note
Your Files Have Been Encrypted! Attention! All your important files have been stolen and encrypted by our advanced attack. Without our special decryption software, theres no way to recover your data! Your ID: [ 79366A5B-1337 ] To restore your files, reach out to us at: [email protected] You can also contact us via Telegram: @Hedaransom Failing to act may result in sensitive company data being leaked or sold. Do NOT use third-party tools, as they may permanently damage your files. Why Trust Us? Before making any payment, you can send us few files for free decryption test. Our business relies on fulfilling our promises. How to Buy Bitcoin? You can purchase Bitcoin to pay the ransom using these trusted platforms: https://www.kraken.com/learn/buy-bitcoin-btc https://www.coinbase.com/en-gb/how-to-buy/bitcoin https://paxful.com
URLs

https://paxful.com

Targets

    • Target

      9befb88861ef0fed20aab3ba204ac8ca250f68930f685485898c7c18d262c0cfN

    • Size

      612KB

    • MD5

      d6b5b3d0a17b1f347665d4e55f8b3df0

    • SHA1

      205749f118c2ca5cb822556e6f50ca86c3ee78b3

    • SHA256

      9befb88861ef0fed20aab3ba204ac8ca250f68930f685485898c7c18d262c0cf

    • SHA512

      6dccfca6772e302a4abbddaefcdaad718c106005b7d627a0a6ca91c3325355448ce43432bef8f3229c7c35bcb8c28b1bc8a8dbb670d53ba842b9430c4b2015df

    • SSDEEP

      12288:k1XgVeBOuW1cLcOtoqSuL0xkpPc9EcgyCBUxaNH3bCdGP/g7i7s:k1XgVeBOuW1cLcOtoqmkpP91bCdk/Fs

    Score
    10/10
    ransomwarespywarestealer

    • Renames multiple (7752) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks