019caf68ad23ee37de63db38203173ee040db5aae8ffe7cecc92dd091a20f342 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

dc85ef1ca1...0N.exe

windows7-x64

9

dc85ef1ca1...0N.exe

windows10-2004-x64

9

Sharing

General

Target

dc85ef1ca1bd25df81f1fa7b26a95240N.exe
Size

181KB
Sample

240818-n3j7vasfpb
MD5

dc85ef1ca1bd25df81f1fa7b26a95240
SHA1

593df2cac733de02d19f5fb684b28caff837b86a
SHA256

019caf68ad23ee37de63db38203173ee040db5aae8ffe7cecc92dd091a20f342
SHA512

c555f2b41f66ae12ad01ec69c20e99f3c684bd341d86b51dfe45c1046dbc1a5c91e862719a486bc1f6c3d16f0d1c4ab6a16e48b92db74cf100b4de944c630482
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eGGMmae7WpMaxeb0CYJ97lEYNR73e+eGGMmo:RqKvb0CYJ973e+eGGMmxqKvb0CYJ973h

Score

9^/10

discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc85ef1ca1bd25df81f1fa7b26a95240N.exe

Resource

win7-20240708-en

discovery ransomware

windows7-x64

7 signatures

120 seconds

Behavioral task

behavioral2

Sample

dc85ef1ca1bd25df81f1fa7b26a95240N.exe

Resource

win10v2004-20240802-en

discovery ransomware

windows10-2004-x64

6 signatures

120 seconds

Malware Config

Targets

- Target
  
  dc85ef1ca1bd25df81f1fa7b26a95240N.exe
- Size
  
  181KB
- MD5
  
  dc85ef1ca1bd25df81f1fa7b26a95240
- SHA1
  
  593df2cac733de02d19f5fb684b28caff837b86a
- SHA256
  
  019caf68ad23ee37de63db38203173ee040db5aae8ffe7cecc92dd091a20f342
- SHA512
  
  c555f2b41f66ae12ad01ec69c20e99f3c684bd341d86b51dfe45c1046dbc1a5c91e862719a486bc1f6c3d16f0d1c4ab6a16e48b92db74cf100b4de944c630482
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR73e+eGGMmae7WpMaxeb0CYJ97lEYNR73e+eGGMmo:RqKvb0CYJ973e+eGGMmxqKvb0CYJ973h
Score

9^/10

discovery ransomware
- Renames multiple (3595) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware

© 2018-2025

Terms | Privacy