4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

4aeb348bd9...12.exe

windows7-x64

9

4aeb348bd9...12.exe

windows10-2004-x64

9

Sharing

General

Target

4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe
Size

4.0MB
Sample

230707-npz15sge49
MD5

1b97f1c8a03b0f4a6132d8960bc66737
SHA1

76c0ff36342891ee632ce856d03af6957d9614e3
SHA256

4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12
SHA512

04cec2c5d7aa4bcc506c427d245f94bf704019d7749bc35706726722fa6c455c75da79c342dbe05c5805f86322a08edb27679194f024285fee0f79d73ec6ff39
SSDEEP

49152:r2r2M/8Y+1zE3usDbOnwsHrYDUFsjVeYBCwyNP4lb3aDVRe+9v2wNNHbEUPTs:O2hdEMX5Re+VHEU7

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe

Resource

win7-20230703-en

ransomware spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe

Resource

win10v2004-20230703-en

ransomware spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe
- Size
  
  4.0MB
- MD5
  
  1b97f1c8a03b0f4a6132d8960bc66737
- SHA1
  
  76c0ff36342891ee632ce856d03af6957d9614e3
- SHA256
  
  4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12
- SHA512
  
  04cec2c5d7aa4bcc506c427d245f94bf704019d7749bc35706726722fa6c455c75da79c342dbe05c5805f86322a08edb27679194f024285fee0f79d73ec6ff39
- SSDEEP
  
  49152:r2r2M/8Y+1zE3usDbOnwsHrYDUFsjVeYBCwyNP4lb3aDVRe+9v2wNNHbEUPTs:O2hdEMX5Re+VHEU7
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy