cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

cb966139ad...7b.exe

windows7-x64

cb966139ad...7b.exe

windows10-2004-x64

8

Sharing

General

Target

cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
Size

4.8MB
Sample

240212-fhcchabf6y
MD5

9803950281290044e32fb78605c129b5
SHA1

133f587df70680d81c18d8c112b9a34e6041d629
SHA256

cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b
SHA512

b5be7c8710a6dfea3fafc85cd10881c62be587607be8f05a61f9bf6aa88456c8c1dd694c85dd5707cd5518bb2f87f077824e410c24f081fab30ea13572de3c21
SSDEEP

98304:pWFsTuRN2zazBLlLvOc1Pgd1E20fzsFvOF3BQQi4y0g1ea6:pWFsTuRN2zahf1Y7EhZSlI

Score

9^/10

evasion ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe

Resource

win7-20231129-en

evasion ransomware trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b.exe
- Size
  
  4.8MB
- MD5
  
  9803950281290044e32fb78605c129b5
- SHA1
  
  133f587df70680d81c18d8c112b9a34e6041d629
- SHA256
  
  cb966139adb162ea019d1f6ca648febaf4249cbb9e255f492987f26087c3397b
- SHA512
  
  b5be7c8710a6dfea3fafc85cd10881c62be587607be8f05a61f9bf6aa88456c8c1dd694c85dd5707cd5518bb2f87f077824e410c24f081fab30ea13572de3c21
- SSDEEP
  
  98304:pWFsTuRN2zazBLlLvOc1Pgd1E20fzsFvOF3BQQi4y0g1ea6:pWFsTuRN2zahf1Y7EhZSlI
Score

9^/10

evasion ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomwaretrojan

behavioral2

© 2018-2025

Terms | Privacy