demonware | b7def7c2139cdaa2483a681ed343133f1f034a4d53136d32157c89c8705a4765 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2025-03-17...uk.exe

windows10-2004-x64

2025-03-17...uk.exe

windows11-21h2-x64

Resubmissions

17/03/2025, 03:29

250317-d18sbayxhw 10

17/03/2025, 03:22

250317-dw9h2syxat 10

17/03/2025, 01:55

250317-cca1pswxc1 10

Sharing

General

Target

2025-03-17_ff03d71dba0625380d825791779942dc_ryuk
Size

11.7MB
Sample

250317-dw9h2syxat
MD5

ff03d71dba0625380d825791779942dc
SHA1

f7d6e8f6701738718eb250926d73f3070157f913
SHA256

b7def7c2139cdaa2483a681ed343133f1f034a4d53136d32157c89c8705a4765
SHA512

ed32529a3a278af0e49507925806513baf90f6948d98f638cae31489efb30bdc23dfb916d405827aa6dfdc6856ef97bfd89832b17f5d1372759e92ecfd5fcc7d
SSDEEP

196608:a8Hu1FcHZZY0MhCZBTX1QFhjwt25Hnuz48RmU/3ZlsPvXfg2TvN8C1Uggo19T20Q:1HuMHZilAHOHuztN3ZWXBTMw19Sy

Score

10^/10

demonware pyinstaller ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2025-03-17_ff03d71dba0625380d825791779942dc_ryuk.exe

Resource

win10v2004-20250314-en

demonware ransomware

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-17_ff03d71dba0625380d825791779942dc_ryuk.exe

Resource

win11-20250313-en

demonware ransomware

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-03-17_ff03d71dba0625380d825791779942dc_ryuk
- Size
  
  11.7MB
- MD5
  
  ff03d71dba0625380d825791779942dc
- SHA1
  
  f7d6e8f6701738718eb250926d73f3070157f913
- SHA256
  
  b7def7c2139cdaa2483a681ed343133f1f034a4d53136d32157c89c8705a4765
- SHA512
  
  ed32529a3a278af0e49507925806513baf90f6948d98f638cae31489efb30bdc23dfb916d405827aa6dfdc6856ef97bfd89832b17f5d1372759e92ecfd5fcc7d
- SSDEEP
  
  196608:a8Hu1FcHZZY0MhCZBTX1QFhjwt25Hnuz48RmU/3ZlsPvXfg2TvN8C1Uggo19T20Q:1HuMHZilAHOHuztN3ZWXBTMw19Sy
Score

10^/10

demonware ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Demonware family
  demonware
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

demonwareransomware

behavioral2

demonwareransomware

© 2018-2025

Terms | Privacy