avaddon | 90d8071fcbdc74c16258487c86689fa35090169b289233600c3b3dca105a729d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

48689c986e...2c.exe

windows7-x64

48689c986e...2c.exe

windows10-2004-x64

Sharing

General

Target

48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.zip
Size

570KB
Sample

230311-q192labf4z
MD5

cf82682c4101984695f6bec0b7f11b38
SHA1

0775e154a080b58b9b71778708c19162e2447821
SHA256

90d8071fcbdc74c16258487c86689fa35090169b289233600c3b3dca105a729d
SHA512

be19f6e83887f44ee34a769ef816052ed6af540416a94bf881b636ee88d493bdcb39927cb4b72f86ba7ff1652f5d4fb1ee8b422ef176a79f394ddf601a6ed39a
SSDEEP

12288:VvBN9Eg7u/4xmMXCnVpp8dwDAldGmKh5++2LRejl719Z4JxPrWH5Q7b2:VJvEOF4MXCnPpXclQhb2AjlV4rDWH5wS

Score

10^/10

avaddon evasion ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

Resource

win7-20230220-en

avaddon evasion ransomware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

Resource

win10v2004-20230220-en

avaddon evasion ransomware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
- Size
  
  645KB
- MD5
  
  79cdf459683c39e9704a37a6be9bc877
- SHA1
  
  450d4f351c3dd168e313b309da4bd8a817453d1d
- SHA256
  
  48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c
- SHA512
  
  2cc3f164e92650c4d4aed7012da7d303d24cdc63565ed744a28cb6d59465189233a128a01f4b807aa972057e0d0d98742c5ca9b41a67bf59f0f115de30eb6bd4
- SSDEEP
  
  12288:Ya8gND5n7gG2WERaCyDVbdlSQLeYBgdAULx9mutZo5B:YgNDBg3JRaCyDVplSUBgrHtZor
Score

10^/10

avaddon evasion ransomware trojan
- Avaddon
  Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
  ransomware avaddon
- Avaddon payload
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

avaddonevasionransomwaretrojan

behavioral2

avaddonevasionransomwaretrojan

© 2018-2025

Terms | Privacy