028f0b1092caf4711857d0958bc798882c4ac9285895c3628f5be0c988f1d560 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

028f0b1092...60.exe

windows7_x64

9

028f0b1092...60.exe

windows10_x64

9

Sharing

General

Target

028f0b1092caf4711857d0958bc798882c4ac9285895c3628f5be0c988f1d560.exe
Size

256KB
Sample

210814-2dgb3tvqgx
MD5

156ed66fb7257ef1bdd6385c71e5aa83
SHA1

2d302323eab61e5791ab5ce2c6728e6708743bed
SHA256

028f0b1092caf4711857d0958bc798882c4ac9285895c3628f5be0c988f1d560
SHA512

c63a679abf8eb64ba4a722df4638249499d8ab9e6a94db5e3d39ab136afbe4cec563ff9698814170b12e55d5616865776273303e99a5b7e8742bc870ae5ebdb4

Score

9^/10

persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

028f0b1092caf4711857d0958bc798882c4ac9285895c3628f5be0c988f1d560.exe

Resource

win7v20210408

persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

028f0b1092caf4711857d0958bc798882c4ac9285895c3628f5be0c988f1d560.exe

Resource

win10v20210410

persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  028f0b1092caf4711857d0958bc798882c4ac9285895c3628f5be0c988f1d560.exe
- Size
  
  256KB
- MD5
  
  156ed66fb7257ef1bdd6385c71e5aa83
- SHA1
  
  2d302323eab61e5791ab5ce2c6728e6708743bed
- SHA256
  
  028f0b1092caf4711857d0958bc798882c4ac9285895c3628f5be0c988f1d560
- SHA512
  
  c63a679abf8eb64ba4a722df4638249499d8ab9e6a94db5e3d39ab136afbe4cec563ff9698814170b12e55d5616865776273303e99a5b7e8742bc870ae5ebdb4
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware

© 2018-2025

Terms | Privacy