ce3286e5d49c76019f046948fd06a98a2a8672bbdad271f913f14c8a965a87a3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

f0424f6713...32.exe

windows7-x64

9

f0424f6713...32.exe

windows10-2004-x64

9

Resubmissions

26/05/2023, 02:28

230526-cx9prsdd92 9

26/05/2023, 01:08

230526-bhn9vadg8z 9

Sharing

General

Target

f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32
Size

62KB
Sample

230526-cx9prsdd92
MD5

31cda8e41f0a1609530cd96f3f950b6c
SHA1

af48d6e7fffa203dc884d1c90af0701585b260d5
SHA256

ce3286e5d49c76019f046948fd06a98a2a8672bbdad271f913f14c8a965a87a3
SHA512

48e3e90927a35231792008077c6a2cae4cf89c7b04eccc69855e19dae16d233e4bb5390420b34fb6345a03120f22da30b9689c080c7f637d880cfab3396dc73a
SSDEEP

1536:KAEVQJREUyRRHmshr2ox7cfRYlnAWD0lbZXPPCkpI5UvYTkciqf+Qb:KAqQJREUyRR1h6Yc52AWAzPKkpcyYTZN

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32.exe

Resource

win7-20230220-en

ransomware spyware stealer

windows7-x64

12 signatures

600 seconds

Behavioral task

behavioral2

Sample

f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32.exe

Resource

win10v2004-20230221-en

ransomware spyware stealer

windows10-2004-x64

15 signatures

600 seconds

Malware Config

Targets

- Target
  
  f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32
- Size
  
  129KB
- MD5
  
  3e6613fb7521062d41826e4460f7d630
- SHA1
  
  7136124383c127028e91946a7b1cb942088cf3d9
- SHA256
  
  f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32
- SHA512
  
  9cc6f870c2f64460231481f93d86fe0b2a4f2bcf98d4893faa0dacf239db56be4be460ae17aa8e8067d3c4e1220d405db2f5eba4a42583851069ea518d8526ac
- SSDEEP
  
  3072:VLbLpVIYbQf91G3im/2Ef07Jysg1n8Ovz4pt6YwSabakoEMQB/jS3fevYugrO6OL:VTpVPnx6aako0BSvmYBrrOu3SbuO06
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (10666) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (9320) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy