Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

b01dff27ad...d0.exe

windows7-x64

10

b01dff27ad...d0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2025, 16:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0.exe

  • Size

    2.3MB

  • MD5

    6fc6164b3a08669992acad3764fb1922

  • SHA1

    e99c667e338dfeee60e7bd5c2c7848a351c67114

  • SHA256

    b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0

  • SHA512

    716bd8bdd358d2251cde981697c8a4f473a6f4294287e75366be7d8e86ee70feeed513a6310a6ce953a3814648f56f9ebb830c08a8420b06604a90df1c28b328

  • SSDEEP

    49152:emWMASox0K6ZlCF4k9oT7J9L3jjS7W55H:emXtox7ag/a7J9L

Score
10/10
agendabootkitdiscoverypersistenceransomwarespywarestealer

Malware Config

Extracted

Family

agenda

Credentials
  • Username:
    sysadmin@ashminlc
  • Password:
    Pa55w0rd123
Attributes
  • company_id

    quQkrKaqTs

  • note

    -- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from your system/network. Our group cooperates with the mass media. If you refuse to communicate with us and we do not come to an agreement, your data will be reviewed and published on our blog and on the media page (https://31.41.244.100) Blog links: http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials Please note that communication with us is only possible via the website in the Tor browser, which is specified in this note. All other means of communication are not real and may be created by third parties, if such were not provided in this note or on the website specified in this note. -- Credentials Extension: quQkrKaqTs Domain: aqfe4f3zqb5luwgkbnxycfxdeqjgnuhsjfiqf6wxnohamich7a6nqnyd.onion login: B5zd2EBjH7iqZratqg2V4pzWeYcBSsGw password:

rsa_privkey.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0.exe
    "C:\Users\Admin\AppData\Local\Temp\b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    PID:2132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\QLOG\ThreadId(1).LOG
    Filesize

    8KB

    MD5

    b49678745940680f17c0864fd3d07b65

    SHA1

    f5c2a6bddcc601cc57719ee04170f4869dc3a652

    SHA256

    321d6bb95e689b1e4b0dc714b568e99b896bfbb39382259946d6f8890537f626

    SHA512

    4e43d2b940306430e4096aa0dcfcc6cad4aea467140eff5107b969c93b5ed975a137aa97f83f05512434c2690f9f8c13a8547df04526e37b7fb1ea118e13789f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\QLOG\ThreadId(11).LOG
    Filesize

    4KB

    MD5

    a554f7dc37c06cec05723d030a7a6383

    SHA1

    2e0eba6502a5af61c8919d9892ab32ff5c6180ee

    SHA256

    f061502a1e794cb452df8ad8af8be2d76dbe6973c9a9e0207937bdeed2ab4184

    SHA512

    97b5c3d2b9b0231923b8a3527d89d1f4fef536c93da58d2df8a47e09122f86b535175547a1f6e12130d3cced6f25f934758afbbc92d3461e82d66abbf5329a20

    Download Submit

  • memory/2132-7166-0x0000000000C00000-0x0000000000E4B000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2132-19307-0x0000000000C00000-0x0000000000E4B000-memory.dmp

    Filesize

    2.3MB

    Download