Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
25/03/2025, 15:11
250325-skmbpsxzaw 1025/03/2025, 15:06
250325-sg1d6a1px2 1025/03/2025, 15:01
250325-sd5jpsxyct 1025/03/2025, 14:56
250325-sbdcfaxxgs 1025/03/2025, 14:50
250325-r7ve6a1nv3 1025/03/2025, 14:46
250325-r5ab7sxwhx 1025/03/2025, 14:40
250325-r2c9paxwe1 1005/02/2025, 10:25
250205-mgcefaslhw 1005/02/2025, 10:17
250205-mbs51atmbk 1005/02/2025, 09:15
250205-k785zs1pfn 10Analysis
-
max time kernel
103s -
max time network
105s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
25/03/2025, 14:56
General
-
Target
RansomwareSamples/Nefilim_31_08_2020_3061KB.exe
-
Size
3.0MB
-
MD5
cd7b5d2391af7cc10f5ab11f2baef503
-
SHA1
c735ff582ab489f13cfc76ee744e52b868012e2e
-
SHA256
0bafde9b22d7147de8fdb852bcd529b1730acddc9eb71316b66c180106f777f5
-
SHA512
b01c843c9a7c154ab592b667fe66b49123bfc2218904391600c1d17623b91c4e83eb6049aba01813586251596d999cce953ca689957390e658ee306a9859adca
-
SSDEEP
24576:YOXKA8qDbjm8N3CNWYqdQCVzCYXjG9xLAW0bUXo2xdQS3aVOqL1UrSlcbHLWcR4+:tXKOm8mkdHJC0jG9xE9gdQS3aLibLw
Malware Config
Signatures
-
Renames multiple (136) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Processes
-
C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Nefilim_31_08_2020_3061KB.exe"C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Nefilim_31_08_2020_3061KB.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD526024bfff1079296a378717d3d1cb7b0
SHA126dd37b88849066fb84c3a46401fd754972f9e2f
SHA256b777912f6a8177b2c58cb448da68c0eb6b2d6ab30dcc3ea0ca7e5895f40d7887
SHA51269ca9d20b9322f772caf9698f2bd42cd1451369c2692042e9003a4c57b60708d385e59f6e17fe11f33b52eba48f1f96b3b84f9458c9df27b9707c76981432f84