022c33465774d287d13a7b10f9bedb0f9f530486c7f7aec443f922da6de8af01 | Triage

Submit
Reports

Overview

overview

9

Static

static

022c334657...01.exe

windows7-x64

9

022c334657...01.exe

windows10-2004-x64

9

Sharing

General

Target

022c33465774d287d13a7b10f9bedb0f9f530486c7f7aec443f922da6de8af01.exe
Size

529KB
Sample

221011-hbsf9aaegj
MD5

7f7d201a0611f99c5719d33615d6ad74
SHA1

6d0f39be34e7095f4a61889369b56aff7b578792
SHA256

022c33465774d287d13a7b10f9bedb0f9f530486c7f7aec443f922da6de8af01
SHA512

fdbff4827f83bc3fe75c8130ebb25b28303d6fb40c0168f456d49dde3379d2e1b9bbb47fa6190d1b9be68419ecc074be3797fdea278b75e127e138c869cb2a3f
SSDEEP

12288:jYC6RswBAC5X+yqxtxfR69ACvA1DEP3EgqJ0Bb:sD/BY7CvA1DcEgqJIb

Score

9^/10

persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

022c33465774d287d13a7b10f9bedb0f9f530486c7f7aec443f922da6de8af01.exe

Resource

win7-20220812-en

persistence ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

022c33465774d287d13a7b10f9bedb0f9f530486c7f7aec443f922da6de8af01.exe

Resource

win10v2004-20220812-en

persistence ransomware spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  022c33465774d287d13a7b10f9bedb0f9f530486c7f7aec443f922da6de8af01.exe
- Size
  
  529KB
- MD5
  
  7f7d201a0611f99c5719d33615d6ad74
- SHA1
  
  6d0f39be34e7095f4a61889369b56aff7b578792
- SHA256
  
  022c33465774d287d13a7b10f9bedb0f9f530486c7f7aec443f922da6de8af01
- SHA512
  
  fdbff4827f83bc3fe75c8130ebb25b28303d6fb40c0168f456d49dde3379d2e1b9bbb47fa6190d1b9be68419ecc074be3797fdea278b75e127e138c869cb2a3f
- SSDEEP
  
  12288:jYC6RswBAC5X+yqxtxfR69ACvA1DEP3EgqJ0Bb:sD/BY7CvA1DcEgqJIb
Score

9^/10

persistence ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomwarespywarestealer

© 2018-2025

Terms | Privacy