4c5421c4feb711987c274d4a52d9dcb3dd8732ec076109989039da7093bf2ad0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

sample.exe

windows7-x64

9

sample.exe

windows10-2004-x64

9

Sharing

General

Target

9fb8f797f53dceb4731688f8688eccbe7d137665d7f2542070e2b2cf7371a6ce.bin.sample.gz
Size

70KB
Sample

231022-vaxe2adb43
MD5

089f93d820bf49bef1cad70565d63d8a
SHA1

b6f95125afdb78fd92e87aa23c66191389f43b95
SHA256

4c5421c4feb711987c274d4a52d9dcb3dd8732ec076109989039da7093bf2ad0
SHA512

f0e007b1582c868a64d62aeaab67b3b6a8dd1d85a80eb8cd0676e473d12be4d13d242b8ae1e1c50917ee760b0d4e73ef3a3d37920c35b6f07e85d37d30926ba1
SSDEEP

1536:dx36gEg7RqoCpq0uPhG6HsXujN8UiUnmGQUZoCbxJxq9HSKs0nB3tpZHEv5:dx36gEgVbLhGoLjN8UiWm0xbZwbnm5

Score

9^/10

ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sample.exe

Resource

win7-20231020-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

sample.exe

Resource

win10v2004-20231020-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  129KB
- MD5
  
  c50a3e0b68062be34e05f6761f0f75ff
- SHA1
  
  0cb1fea6f126d57977ca84ad68a3f758ca745c7a
- SHA256
  
  9fb8f797f53dceb4731688f8688eccbe7d137665d7f2542070e2b2cf7371a6ce
- SHA512
  
  126b08fd7ee107929869ef39ad226a9089be6e46e5fb077929e692195505c25b159663415c0eb7754ab2b9a1154943e6e48c37a5b157be3f386ef0984bb781ba
- SSDEEP
  
  3072:iLbLpVIYbQf91G3im/2Ef07Jysgxv8Ofr4pt6Y46ab6koEMQBfjS3f2vYeBgrOi4:iTpVLvxyq6ko0BSveYprzOu3Scur06
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (3045) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (497) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy