Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

NoMoreRansom.zip

windows7-x64

10

NoMoreRansom.zip

windows10-2004-x64

10

NoMoreRansom.zip

windows10-ltsc_2021-x64

10

NoMoreRansom.zip

windows11-21h2-x64

10

Resubmissions

16/03/2025, 00:42

250316-a2mdxs1jv4 1

16/03/2025, 00:35

250316-axnq7azrv5 10

16/03/2025, 00:32

250316-avvfyszrs2 6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NoMoreRansom.zip

  • Size

    916KB

  • Sample

    250316-axnq7azrv5

  • MD5

    f315e49d46914e3989a160bbcfc5de85

  • SHA1

    99654bfeaad090d95deef3a2e9d5d021d2dc5f63

  • SHA256

    5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

  • SHA512

    224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

  • SSDEEP

    24576:+FhIdZxByAl+XiqNk6n3DaeCTLD1yilc7KrBVw1lFVFDqE/zQRsAOfySS:AhAgo2ikhryLD1hcerklFVhqEMiAuySS

Score
10/10
troldeshdiscoverypersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      NoMoreRansom.zip

    • Size

      916KB

    • MD5

      f315e49d46914e3989a160bbcfc5de85

    • SHA1

      99654bfeaad090d95deef3a2e9d5d021d2dc5f63

    • SHA256

      5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

    • SHA512

      224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

    • SSDEEP

      24576:+FhIdZxByAl+XiqNk6n3DaeCTLD1yilc7KrBVw1lFVFDqE/zQRsAOfySS:AhAgo2ikhryLD1hcerklFVhqEMiAuySS

    Score
    10/10
    troldeshdiscoverypersistenceransomwaretrojanupx

    • Troldesh family

      troldesh

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks