fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

HEUR-Troja...eb.exe

windows7-x64

HEUR-Troja...eb.exe

windows10-2004-x64

Sharing

General

Target

HEUR-Trojan.Win32.Generic-fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb.bin
Size

64KB
Sample

230501-yda8raga65
MD5

366aad320bb8a36a88491ad1d164cf09
SHA1

32e3c8c00cb87db06f8e65b2fbc7f04e08a14105
SHA256

fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb
SHA512

921b4d02d2944ea159d2d4623c5b3233bbbf574278e6f8f8f4b023c9b853c6d002f642beb78e316d643df3ab9043b0973cacb5a18a1776ba52d18fabaeff16d7
SSDEEP

768:jykKUSkyDjBSNBvSMIhK7VHQLvGdwFtg2dY6edSYQrq3RWD3Ghc5tTZ92th5Tk9x:SJEN8I5zGXgF6eIdq3Yym5l+tnP

Score

10^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HEUR-Trojan.Win32.Generic-fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb.exe

Resource

win7-20230220-en

ransomware spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

HEUR-Trojan.Win32.Generic-fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb.exe

Resource

win10v2004-20230221-en

ransomware spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  HEUR-Trojan.Win32.Generic-fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb.bin
- Size
  
  64KB
- MD5
  
  366aad320bb8a36a88491ad1d164cf09
- SHA1
  
  32e3c8c00cb87db06f8e65b2fbc7f04e08a14105
- SHA256
  
  fc950f34ce2005659e7b76fed9a740511688e83f84d9d7d225c0e632750518eb
- SHA512
  
  921b4d02d2944ea159d2d4623c5b3233bbbf574278e6f8f8f4b023c9b853c6d002f642beb78e316d643df3ab9043b0973cacb5a18a1776ba52d18fabaeff16d7
- SSDEEP
  
  768:jykKUSkyDjBSNBvSMIhK7VHQLvGdwFtg2dY6edSYQrq3RWD3Ghc5tTZ92th5Tk9x:SJEN8I5zGXgF6eIdq3Yym5l+tnP
Score

10^/10

ransomware spyware stealer
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy