General

  • Target

    capcut-1-5-0.exe

  • Size

    388.1MB

  • Sample

    240811-2rv2vsxbqg

  • MD5

    aa87cdb1bacbf2c0121f628944a68ba2

  • SHA1

    22e0db81c7dfe1662226e3cfd17756647c8f4655

  • SHA256

    765be902c3801d9ff4d7d1ec17f9d9f20dee9904c5bfceabf282135b023a6417

  • SHA512

    6194e092bb5b451a68e802a9e9cc0063d1ce5edf3a72feded7868f7c237b82dfbb21cba313b6184e4fe1a267dfb3a3470158e5f775bfb943dc5b2504dc12d4a5

  • SSDEEP

    6291456:TxgvoEajwaYE6li9leTUv4gzy/E0SfeDWwhK7IJlmc3y0ufjhmNLYaDK/CFzf1Qy:TxXcllijFwgj0DWQK2Uc3y0yMNcarb

Score
9/10

Malware Config

Targets

    • Target

      capcut-1-5-0.exe

    • Renames multiple (85) files with added filename extension

      This suggests ransomware activity: files on the system are being encrypted and a new extension is appended to each one.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread via NtCreateThreadEx with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag (0x4), which hides that thread from an attached debugger; an anti-debugging technique.
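The three signatures above are behavioural heuristics evaluated over the sandbox's event trace. The following is an added example, not Hatching Triage's own signature code, that re-implements them over a constructed list of events so the logic behind each verdict is visible. The event record layout (`rename`, `regread`, `syscall` kinds with their fields), the rename threshold of 10, and the registry key names checked for the geofence signature are assumptions; the page does not state what Triage actually inspects.

```python
"""Re-implementation of the report's three behavioural signatures as checks
over a constructed sandbox event trace (added example; event format,
threshold and registry key names are assumptions, not Triage's internals)."""
import ntpath
from collections import Counter
from dataclasses import dataclass

# Flag bit passed to NtCreateThreadEx that hides the new thread from a debugger.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4
# Assumption: how many extension-appending renames before the signature fires.
RENAME_THRESHOLD = 10
# Assumption: per-user registry locations holding the configured country/GeoID.
GEO_KEY_SUFFIXES = (
    "\\control panel\\international\\geo\\nation",
    "\\control panel\\international\\geo\\name",
)


@dataclass
class Event:
    kind: str   # "rename", "regread" or "syscall"
    data: dict  # kind-specific fields, see build_sample_events()


def renamed_with_added_extension(old: str, new: str) -> bool:
    """True when `new` is `old` with one extra extension appended
    (e.g. report.docx -> report.docx.locked) in the same directory."""
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    if old_dir.lower() != new_dir.lower():
        return False  # moved elsewhere: not a simple in-place rename
    prefix = old_name.lower() + "."
    return new_name.lower().startswith(prefix) and len(new_name) > len(prefix)


def check_mass_rename(events, threshold=RENAME_THRESHOLD):
    """Signature 1: count renames that only append an extension, and
    tally which extensions were appended (useful for family attribution)."""
    hits = [e for e in events if e.kind == "rename"
            and renamed_with_added_extension(e.data["old"], e.data["new"])]
    exts = Counter(ntpath.splitext(e.data["new"])[1].lower() for e in hits)
    return {"count": len(hits), "extensions": exts, "flag": len(hits) >= threshold}


def check_geo_lookup(events):
    """Signature 2: registry reads of the user's configured country code."""
    return [e.data["key"] for e in events
            if e.kind == "regread" and e.data["key"].lower().endswith(GEO_KEY_SUFFIXES)]


def check_hidden_threads(events):
    """Signature 3: NtCreateThreadEx calls carrying the hide-from-debugger bit."""
    return [e for e in events
            if e.kind == "syscall" and e.data.get("api") == "NtCreateThreadEx"
            and e.data.get("flags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER]


def evaluate(events):
    """Return the names of the signatures that fire on this trace."""
    triggered = []
    if check_mass_rename(events)["flag"]:
        triggered.append("Renames multiple files with added filename extension")
    if check_geo_lookup(events):
        triggered.append("Checks computer location settings")
    if check_hidden_threads(events):
        triggered.append("Suspicious use of NtCreateThreadExHideFromDebugger")
    return triggered


def build_sample_events():
    """Constructed trace: 12 ransomware-style renames, one benign installer
    rename, a GeoID lookup, and two thread creations (one hidden)."""
    events = []
    for i in range(12):
        path = f"C:\\Users\\user\\Documents\\report{i}.docx"
        events.append(Event("rename", {"old": path, "new": path + ".locked"}))
    # An installer swapping a temp name for the final one is not an appended extension.
    events.append(Event("rename", {"old": "C:\\Temp\\setup.tmp", "new": "C:\\Temp\\setup.exe"}))
    events.append(Event("regread", {"key": "HKCU\\Control Panel\\International\\Geo\\Nation"}))
    events.append(Event("syscall", {"api": "NtCreateThreadEx", "flags": 0x0}))
    events.append(Event("syscall", {"api": "NtCreateThreadEx",
                                    "flags": THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER}))
    return events


if __name__ == "__main__":
    trace = build_sample_events()
    print(check_mass_rename(trace))
    for name in evaluate(trace):
        print("signature:", name)
```

The rename check deliberately ignores renames that change the extension rather than append one, which is why a benign `setup.tmp -> setup.exe` does not count; the extension tally it returns is what lets an analyst tell a uniform ransomware suffix apart from an installer touching many unrelated file types.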

MITRE ATT&CK Enterprise v15

Tasks