Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Cincoo.exe

windows7_x64

8

Cincoo.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cincoo.exe

  • Size

    423KB

  • Sample

    211227-dhnz7acba4

  • MD5

    7976be9650ff52c6d9900a10999b1aa3

  • SHA1

    fe28575b83718ac91e2e4dea643d0e897ef80b59

  • SHA256

    9ccba9179e1e36fc5571738fb046617955e9d145116b2aa028e335e5d7153b99

  • SHA512

    b9eb73fa9a32d23329dca575359ef1ecb896cd41cff92272ded1de9c7983eecfb263675d2aee54fad9acaec31436df10b5d598d90e5a07c60680a003ab108b55

Score
10/10
ransomwarespywarestealer

Malware Config

Targets

    • Target

      Cincoo.exe

    • Size

      423KB

    • MD5

      7976be9650ff52c6d9900a10999b1aa3

    • SHA1

      fe28575b83718ac91e2e4dea643d0e897ef80b59

    • SHA256

      9ccba9179e1e36fc5571738fb046617955e9d145116b2aa028e335e5d7153b99

    • SHA512

      b9eb73fa9a32d23329dca575359ef1ecb896cd41cff92272ded1de9c7983eecfb263675d2aee54fad9acaec31436df10b5d598d90e5a07c60680a003ab108b55

    Score
    10/10
    ransomwarespywarestealer

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks