f1bb5ce204bc9e9fd12c3cb8c376e36e9ab47528c7c1ca865b38b8bd02314fc9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

Crypter.exe

windows7-x64

9

Crypter.exe

windows10-2004-x64

9

Sharing

General

Target

Crypter.exe
Size

141KB
Sample

230628-r9gxvaba6t
MD5

26156564a104eae0cc9b06306a63ed9a
SHA1

a81e06b82d233c813b8803ce1c608b83cbbba8e6
SHA256

f1bb5ce204bc9e9fd12c3cb8c376e36e9ab47528c7c1ca865b38b8bd02314fc9
SHA512

f5d502ded9705a7dc53243d9dfae2095f95fbbc288a737f2d4259caa8a6ecbc6b256d786fae042d12af4931b79033540ef0aee98fc6a5ed99539fc7a122b7c98
SSDEEP

3072:4qHmFIAcneRB2ukEtRJ2XgqNjjCvvkfV7mF:JmsexkEt2hWCm

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Crypter.exe

Resource

win7-20230621-en

ransomware spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Crypter.exe

Resource

win10v2004-20230621-en

ransomware spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  Crypter.exe
- Size
  
  141KB
- MD5
  
  26156564a104eae0cc9b06306a63ed9a
- SHA1
  
  a81e06b82d233c813b8803ce1c608b83cbbba8e6
- SHA256
  
  f1bb5ce204bc9e9fd12c3cb8c376e36e9ab47528c7c1ca865b38b8bd02314fc9
- SHA512
  
  f5d502ded9705a7dc53243d9dfae2095f95fbbc288a737f2d4259caa8a6ecbc6b256d786fae042d12af4931b79033540ef0aee98fc6a5ed99539fc7a122b7c98
- SSDEEP
  
  3072:4qHmFIAcneRB2ukEtRJ2XgqNjjCvvkfV7mF:JmsexkEt2hWCm
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (10303) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (8044) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy