Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

7883f01096...8a.exe

windows7-x64

10

7883f01096...8a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a

  • Size

    543KB

  • Sample

    250224-n69a5s1m16

  • MD5

    998022b70d83c6de68e5bdf94e0f8d71

  • SHA1

    b87a947f3e85701fcdadd733e9b055a65a3b1308

  • SHA256

    7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a

  • SHA512

    2744b77f951bd2bb34b094dd3b54fcf8f7dca76e03c745809edc045749c814c7d88c9ddd69ad684a1c156716afae76b5ebec3f932d0f2a72b242878134f65647

  • SSDEEP

    12288:M1DTMHixr1moQqUiXINDl/m1s6BQio67VlA:AzmoQqUiXw2s6yiVx

Score
10/10
blackbastacredential_accessdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

Malware Config

Extracted

Path

C:\Program Files\readme.txt

Ransom Note
Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/ Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361
URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/

Targets

    • Target

      7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a

    • Size

      543KB

    • MD5

      998022b70d83c6de68e5bdf94e0f8d71

    • SHA1

      b87a947f3e85701fcdadd733e9b055a65a3b1308

    • SHA256

      7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a

    • SHA512

      2744b77f951bd2bb34b094dd3b54fcf8f7dca76e03c745809edc045749c814c7d88c9ddd69ad684a1c156716afae76b5ebec3f932d0f2a72b242878134f65647

    • SSDEEP

      12288:M1DTMHixr1moQqUiXINDl/m1s6BQio67VlA:AzmoQqUiXw2s6yiVx

    Score
    10/10
    blackbastadefense_evasiondiscoveryexecutionimpactransomwarespywarestealercredential_access

    • Black Basta

      A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

      ransomwareblackbasta

    • Blackbasta family

      blackbasta

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (9234) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks