Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

b01dff27ad...d0.exe

windows7-x64

10

b01dff27ad...d0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/03/2025, 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0.exe

  • Size

    2.3MB

  • MD5

    6fc6164b3a08669992acad3764fb1922

  • SHA1

    e99c667e338dfeee60e7bd5c2c7848a351c67114

  • SHA256

    b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0

  • SHA512

    716bd8bdd358d2251cde981697c8a4f473a6f4294287e75366be7d8e86ee70feeed513a6310a6ce953a3814648f56f9ebb830c08a8420b06604a90df1c28b328

  • SSDEEP

    49152:emWMASox0K6ZlCF4k9oT7J9L3jjS7W55H:emXtox7ag/a7J9L

Score
10/10
agendabootkitdiscoverypersistenceransomwarespywarestealer

Malware Config

Extracted

Family

agenda

Credentials
  • Username:
    sysadmin@ashminlc
  • Password:
    Pa55w0rd123
Attributes
  • company_id

    quQkrKaqTs

  • note

    -- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from your system/network. Our group cooperates with the mass media. If you refuse to communicate with us and we do not come to an agreement, your data will be reviewed and published on our blog and on the media page (https://31.41.244.100) Blog links: http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials Please note that communication with us is only possible via the website in the Tor browser, which is specified in this note. All other means of communication are not real and may be created by third parties, if such were not provided in this note or on the website specified in this note. -- Credentials Extension: quQkrKaqTs Domain: aqfe4f3zqb5luwgkbnxycfxdeqjgnuhsjfiqf6wxnohamich7a6nqnyd.onion login: B5zd2EBjH7iqZratqg2V4pzWeYcBSsGw password:

rsa_privkey.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0.exe
    "C:\Users\Admin\AppData\Local\Temp\b01dff27adffe5c43253bb33fb78b40f3bbb9853a510ee978abb821c38ffced0.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\QLOG\ThreadId(1).LOG
    Filesize

    8KB

    MD5

    790244ab1438dc0716526c9dab4756da

    SHA1

    dae45d03d961b7973b71d554a0ed785b7197002b

    SHA256

    c6b2c82091762ea8a00da609fbc502f197ac7f4e6a2db60c65a99d01d4a2721b

    SHA512

    5397959b232e60348b4fdc75be4b8eefea45fb8a6764f50857d0c1379b419025b980d76c4e97c29728fa3518b38e92923e2b55603f076b9e4e46f7d8c572035c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\QLOG\ThreadId(11).LOG
    Filesize

    4KB

    MD5

    8b889b0886d3d6ca1c8e4f6d7bca48e2

    SHA1

    c31fd8598291575a917ee57b2b6967e346c78f2a

    SHA256

    b9edaf51f7cbdfbc27db73797f4f16b2e5e78b70fe5b7456a7404d00459fe69c

    SHA512

    3ac2ddb9656dcc7ac37737f9ccb48da4a80e73578c550a5ffd51c2d2cb5c4a2bd84b1bea848e68cb029cbfeeabf1cc023cf68a0acd598f6361630101d544192c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\QLOG\ThreadId(15).LOG
    Filesize

    4KB

    MD5

    b9de75db67de2f938cc4db4b3b90f3be

    SHA1

    edc2535ee6762d7371e9ca08d3733f6256a3debb

    SHA256

    feec3c5238083e54ac48415b2469fa5c26e77a588a12dcc1110d759c16d39198

    SHA512

    fa1058dcac71de28ea22da98caf70a1263aa76d4d268fd536c1d72cb6b98c30349ffe70c49fa0082cc5fb23d86ed088c42fa2283f7a74cc5821a3702c4f3af1b

    Download Submit

  • memory/2344-10578-0x0000000000380000-0x00000000005CB000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2344-20785-0x0000000000380000-0x00000000005CB000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2344-31605-0x0000000000380000-0x00000000005CB000-memory.dmp

    Filesize

    2.3MB

    Download