General

  • Target

    2025-03-22_c35b83af72f31da5a90ac85bc206286b_ryuk

  • Size

    11.3MB

  • Sample

    250322-ccqfdsvzdy

  • MD5

    c35b83af72f31da5a90ac85bc206286b

  • SHA1

    5252ae7ea2493786456ebaac71619a7adae37397

  • SHA256

    0ad70ccda65a7543b19290e288c255d093dff9fb315d6c17902b56e0648c1b30

  • SHA512

    5c4761656b709c7f222c8e93530288f4f5addcb1b8f394de5602ca43e455db951d0ad1eba07867d3586f22101b978bafcf10b9141d69332ea1cbb49d74b86c7c

  • SSDEEP

    196608:ZOgEmz555jYu/mmWeeOuWJysVYvsOFDeECRl2Ewf8jI48RmU/3ZlsPv+dv68CDOG:Emz51TWeeDWJVHykUtN3ZWMFG

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README.txt

Ransom Note
Tango Down Bitch! Seems like you got hit by GAmmA Group! Don't Panic, you get to have your files back! GAmmAWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 5 days to find your key! Payment is accepted with Bitcoin only, Or Google [How to buy Bitcoin] Payment 1.06 BTC to: bc1q5wtn5wc8mfhwman409ynul9j4wnxa7kmxkumkf After Payment is confirmed Please Email: [email protected] with your IP/hostname & BTC transaction ID to receive your decryption key. ~GAmmA GrouP

Targets

    • Target

      2025-03-22_c35b83af72f31da5a90ac85bc206286b_ryuk

    Score
    10/10
