3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3801aaf640...a4.exe

windows7-x64

9

3801aaf640...a4.exe

windows10-2004-x64

3

Sharing

General

Target

3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4
Size

296KB
Sample

221127-ttfqyseg8t
MD5

a9bebdadc68b0e0430679784c52b6c5a
SHA1

97ad8adba9f347d5238382cf297cce160b0e3be6
SHA256

3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4
SHA512

29cf055f0ca1173478ae49bd478fe14b4c3612a254278a626172f3c41bab72d4a736ddbfb932f5f38ded447a14a491bf32f19df22d17c107c256d8310610a44f
SSDEEP

6144:3ZY8k5DlC0yqnrx54XuG7ft6dGNYqOdA6VpIjyiQErU:3ydw1qnNouGZuuvOhiyiRU

Score

9^/10

evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4.exe

Resource

win7-20220812-en

evasion persistence ransomware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4
- Size
  
  296KB
- MD5
  
  a9bebdadc68b0e0430679784c52b6c5a
- SHA1
  
  97ad8adba9f347d5238382cf297cce160b0e3be6
- SHA256
  
  3801aaf6403d75b9db2f6dbd66c6290384d30314f3dca713b8808ef100a9f9a4
- SHA512
  
  29cf055f0ca1173478ae49bd478fe14b4c3612a254278a626172f3c41bab72d4a736ddbfb932f5f38ded447a14a491bf32f19df22d17c107c256d8310610a44f
- SSDEEP
  
  6144:3ZY8k5DlC0yqnrx54XuG7ft6dGNYqOdA6VpIjyiQErU:3ydw1qnNouGZuuvOhiyiRU
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

© 2018-2025

Terms | Privacy