f7c1423cc7223b0490b8e98cb656a09eef624c9d0e1f00445031b1c635692b5d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

bb90548c9c...92.exe

windows7-x64

bb90548c9c...92.exe

windows10-2004-x64

Sharing

General

Target

bb90548c9c0dd6e411c236b55004a392
Size

388KB
Sample

221122-dp1ybsca5v
MD5

bb90548c9c0dd6e411c236b55004a392
SHA1

1e1db20778c735c26ac2411fa565a1ff43405327
SHA256

f7c1423cc7223b0490b8e98cb656a09eef624c9d0e1f00445031b1c635692b5d
SHA512

12ba06a936605a3ec6873489c863b1e922e2f989d4cab5c73936f6e9699e6a6760a8c001cfbe2ad7cad007b573f563fbea74125abc547eda409403cc4cf05231
SSDEEP

6144:pOYGXaPNxdgSdcq2pVZPOJHAbKSXXDYrM2Vfmq7k3ivPjVbdgZK:1GqN/XdctpVtkiXXDCOZij3Z

Score

10^/10

ransomware

Static task

static1

Behavioral task

behavioral1

Sample

bb90548c9c0dd6e411c236b55004a392.exe

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb90548c9c0dd6e411c236b55004a392.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb90548c9c0dd6e411c236b55004a392
- Size
  
  388KB
- MD5
  
  bb90548c9c0dd6e411c236b55004a392
- SHA1
  
  1e1db20778c735c26ac2411fa565a1ff43405327
- SHA256
  
  f7c1423cc7223b0490b8e98cb656a09eef624c9d0e1f00445031b1c635692b5d
- SHA512
  
  12ba06a936605a3ec6873489c863b1e922e2f989d4cab5c73936f6e9699e6a6760a8c001cfbe2ad7cad007b573f563fbea74125abc547eda409403cc4cf05231
- SSDEEP
  
  6144:pOYGXaPNxdgSdcq2pVZPOJHAbKSXXDYrM2Vfmq7k3ivPjVbdgZK:1GqN/XdctpVtkiXXDCOZij3Z
Score

10^/10

ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy