9ccba9179e1e36fc5571738fb046617955e9d145116b2aa028e335e5d7153b99 | Triage

Submit
Reports

Overview

overview

Static

static

Cincoo.exe

windows7_x64

8

Cincoo.exe

windows10_x64

Sharing

General

Target

Cincoo.exe
Size

423KB
Sample

211227-dhnz7acba4
MD5

7976be9650ff52c6d9900a10999b1aa3
SHA1

fe28575b83718ac91e2e4dea643d0e897ef80b59
SHA256

9ccba9179e1e36fc5571738fb046617955e9d145116b2aa028e335e5d7153b99
SHA512

b9eb73fa9a32d23329dca575359ef1ecb896cd41cff92272ded1de9c7983eecfb263675d2aee54fad9acaec31436df10b5d598d90e5a07c60680a003ab108b55

Score

10^/10

ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Cincoo.exe

Resource

win7-en-20211208

ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Cincoo.exe

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Cincoo.exe
- Size
  
  423KB
- MD5
  
  7976be9650ff52c6d9900a10999b1aa3
- SHA1
  
  fe28575b83718ac91e2e4dea643d0e897ef80b59
- SHA256
  
  9ccba9179e1e36fc5571738fb046617955e9d145116b2aa028e335e5d7153b99
- SHA512
  
  b9eb73fa9a32d23329dca575359ef1ecb896cd41cff92272ded1de9c7983eecfb263675d2aee54fad9acaec31436df10b5d598d90e5a07c60680a003ab108b55
Score

10^/10

ransomware spyware stealer
- Suspicious use of NtCreateProcessExOtherParentProcess
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

© 2018-2024

Terms | Privacy