General
Target: capcut-1-5-0.exe
Size: 388.1MB
Sample: 240811-2rv2vsxbqg
MD5: aa87cdb1bacbf2c0121f628944a68ba2
SHA1: 22e0db81c7dfe1662226e3cfd17756647c8f4655
SHA256: 765be902c3801d9ff4d7d1ec17f9d9f20dee9904c5bfceabf282135b023a6417
SHA512: 6194e092bb5b451a68e802a9e9cc0063d1ce5edf3a72feded7868f7c237b82dfbb21cba313b6184e4fe1a267dfb3a3470158e5f775bfb943dc5b2504dc12d4a5
SSDEEP: 6291456:TxgvoEajwaYE6li9leTUv4gzy/E0SfeDWwhK7IJlmc3y0ufjhmNLYaDK/CFzf1Qy:TxXcllijFwgj0DWQK2Uc3y0yMNcarb
Static task: static1
Behavioral task: behavioral1
Sample: capcut-1-5-0.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: capcut-1-5-0.exe
Score: 9/10
Renames multiple (85) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of NtCreateThreadExHideFromDebugger