c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

c9ab8d297e...28.exe

windows7-x64

9

c9ab8d297e...28.exe

windows10-2004-x64

9

Sharing

General

Target

c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328
Size

115KB
Sample

240811-cs6sbazhlr
MD5

addc7828a829dc5c353789c386d12457
SHA1

5b6308cc1dc1f617979e48f8621764db1f80412f
SHA256

c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328
SHA512

a9d8fc5adb22a2ca7c2107123e9a9ae09279d1b46ae53e9bf9ebc6373a7b20a85ac7a53e816e17a69141a4349f2d8ee97d9ce67d34a710b7638962aff7b1040a
SSDEEP

1536:W7ZppApktshJYAJYDVXxX/7ZppApktshJYAJYDVXxXD:6pWpktsUVXxX9pWpktsUVXxXD

Score

9^/10

discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe

Resource

win7-20240704-en

discovery ransomware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328.exe

Resource

win10v2004-20240802-en

discovery ransomware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328
- Size
  
  115KB
- MD5
  
  addc7828a829dc5c353789c386d12457
- SHA1
  
  5b6308cc1dc1f617979e48f8621764db1f80412f
- SHA256
  
  c9ab8d297e8f2f019872adcd4d0b518e28d709d7f1f746320de1c94d11651328
- SHA512
  
  a9d8fc5adb22a2ca7c2107123e9a9ae09279d1b46ae53e9bf9ebc6373a7b20a85ac7a53e816e17a69141a4349f2d8ee97d9ce67d34a710b7638962aff7b1040a
- SSDEEP
  
  1536:W7ZppApktshJYAJYDVXxX/7ZppApktshJYAJYDVXxXD:6pWpktsUVXxX9pWpktsUVXxXD
Score

9^/10

discovery ransomware
- Renames multiple (4801) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware

© 2018-2025

Terms | Privacy