Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

RS.7z

windows7-x64

RS.7z

windows10-2004-x64

RS.7z

android-13-x64

RS.7z

android-13-x64

RS.7z

macos-10.15-amd64

RS.7z

ubuntu-18.04-amd64

RS.7z

debian-9-armhf

RS.7z

debian-9-mips

RS.7z

debian-9-mipsel

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows10-2004-x64

10

Ransomware...KB.exe

android-10-x64

Ransomware...KB.exe

android-13-x64

Ransomware...KB.exe

macos-10.15-amd64

Ransomware...KB.exe

ubuntu-18.04-amd64

Ransomware...KB.exe

debian-9-armhf

Ransomware...KB.exe

debian-9-mips

Ransomware...KB.exe

debian-9-mipsel

779389082

windows7-x64

779389082

windows10-2004-x64

779389082

android-13-x64

779389082

android-13-x64

779389082

macos-10.15-amd64

779389082

ubuntu-18.04-amd64

779389082

debian-9-armhf

779389082

debian-9-mips

779389082

debian-9-mipsel

Ransomware...KB.ps1

windows7-x64

Ransomware...KB.ps1

windows10-2004-x64

Ransomware...KB.ps1

android-10-x64

Ransomware...KB.ps1

android-13-x64

Ransomware...KB.ps1

macos-10.15-amd64

Resubmissions

05/02/2025, 10:25 UTC

250205-mgcefaslhw 10

05/02/2025, 10:17 UTC

250205-mbs51atmbk 10

05/02/2025, 09:15 UTC

250205-k785zs1pfn 10

05/02/2025, 08:48 UTC

250205-kqq8vayph1 10

05/02/2025, 06:31 UTC

250205-hae5jatqgt 10

05/02/2025, 06:29 UTC

250205-g8xlsstqax 10

28/07/2024, 16:38 UTC

240728-t5tryssgmm 10

07/07/2024, 14:07 UTC

240707-rfgd8atekm 10

07/07/2024, 14:07 UTC

240707-re689awdpe 10

13/09/2022, 17:54 UTC

220913-wg1lpsgbg7 10

Analysis

  • max time kernel
    93s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/02/2025, 09:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RansomwareSamples/Hive_17_07_2021_808KB.exe

  • Size

    808KB

  • MD5

    504bd1695de326bc533fde29b8a69319

  • SHA1

    67f0c8d81aefcfc5943b31d695972194ac15e9f2

  • SHA256

    a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749

  • SHA512

    18c5b28bafb13edf47f6a2b803d9d9a914945f037b266a765f2a324842c5ef04ebda27eba31851d2d63e00779a42900e0edfe4ad5bd817eb4f43fa4d4e3a4767

  • SSDEEP

    24576:lafTGwLNdRk4RBtr/ioF4/I+CMx3cMt3/4KFG8Qz4YwY:IT7dRFr/ioFjicMtvV4z

Score
10/10
hiveransomwareupx

Malware Config

Signatures

  • Detects Go variant of Hive Ransomware 1 IoCs
  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive
  • Hive family
    hive
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Hive_17_07_2021_808KB.exe
    C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Hive_17_07_2021_808KB.exe dsrm -subtree -noprompt -c user"http://+:443"
    1⤵
      PID:1156

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2CF53BF940B66F360FD22E7341566E8D; domain=.bing.com; expires=Mon, 02-Mar-2026 09:17:09 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 238623EB575B4CBA8092488E43D2553F Ref B: LON04EDGE1018 Ref C: 2025-02-05T09:17:09Z
      date: Wed, 05 Feb 2025 09:17:08 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2CF53BF940B66F360FD22E7341566E8D
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=qjdMaLrr2pzyYVK9ingqwejwTdRFFETncBNSaOegHP8; domain=.bing.com; expires=Mon, 02-Mar-2026 09:17:09 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 44DD4EB0F8BE4F7D957A5832F7E3A0E3 Ref B: LON04EDGE1018 Ref C: 2025-02-05T09:17:09Z
      date: Wed, 05 Feb 2025 09:17:08 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2CF53BF940B66F360FD22E7341566E8D; MSPTC=qjdMaLrr2pzyYVK9ingqwejwTdRFFETncBNSaOegHP8
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A18D5E6EA97346FD9AE3CAFDEB811DAA Ref B: LON04EDGE1018 Ref C: 2025-02-05T09:17:09Z
      date: Wed, 05 Feb 2025 09:17:09 GMT
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-gb
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      2.16.34.106:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=2CF53BF940B66F360FD22E7341566E8D; MSPTC=qjdMaLrr2pzyYVK9ingqwejwTdRFFETncBNSaOegHP8
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Wed, 05 Feb 2025 09:17:10 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.74221002.1738747030.5f21c23
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      167.173.78.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      167.173.78.104.in-addr.arpa
      IN PTR
      Response
      167.173.78.104.in-addr.arpa
      IN PTR
      a104-78-173-167deploystaticakamaitechnologiescom
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      106.34.16.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      106.34.16.2.in-addr.arpa
      IN PTR
      Response
      106.34.16.2.in-addr.arpa
      IN PTR
      a2-16-34-106deploystaticakamaitechnologiescom
    • flag-us
      DNS
      200.163.202.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.163.202.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • 150.171.27.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=
      tls, http2
      2.0kB
       9.4kB
       21
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=

      HTTP Response

      204
    • 2.16.34.106:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.5kB
       6.4kB
       17
      13

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       148 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      167.173.78.104.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      167.173.78.104.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      106.34.16.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      106.34.16.2.in-addr.arpa

    • 8.8.8.8:53
      200.163.202.172.in-addr.arpa
      dns
      74 B
       160 B
       1
      1

      DNS Request

      200.163.202.172.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1156-0-0x0000000000F60000-0x0000000001239000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/1156-1-0x0000000000F60000-0x0000000001239000-memory.dmp

      Filesize

      2.8MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.