Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

qitasc.exe

windows7-x64

9

qitasc.exe

windows10-2004-x64

7

Resubmissions

19/09/2024, 19:17

240919-xzbwqswana 9

19/09/2024, 14:45

240919-r421tsvbjr 7

19/09/2024, 14:37

240919-rzaqsatcnc 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    qitasc.exe

  • Size

    5.1MB

  • Sample

    240919-xzbwqswana

  • MD5

    43ebe9df7e67597a160f5effa8868bf3

  • SHA1

    3cd79d15f53e36e4864122d7af81d12581fbf71c

  • SHA256

    1859dfca6e5251f22c90aa4245a953c6afb26b0d2e6dec2b4747ceef4f7df18d

  • SHA512

    c3d73c071ea7da40aad5e693e7690018f488c6d9b74577e111a016deca9fef4725436ee940f82b7940505db21a59f64dedad903a52d0dd39f8446b7f7f99758a

  • SSDEEP

    49152:XOuEZOZHIXrb/TCvO90dL3BmAFd4A64nsfJIUGBXbLxPCZMKd33UicObbWdE5qeH:XOu1oiUoB4X37Z5q0RjyJRJ3pQ+E

Score
9/10
discoveryransomware

Malware Config

Targets

    • Target

      qitasc.exe

    • Size

      5.1MB

    • MD5

      43ebe9df7e67597a160f5effa8868bf3

    • SHA1

      3cd79d15f53e36e4864122d7af81d12581fbf71c

    • SHA256

      1859dfca6e5251f22c90aa4245a953c6afb26b0d2e6dec2b4747ceef4f7df18d

    • SHA512

      c3d73c071ea7da40aad5e693e7690018f488c6d9b74577e111a016deca9fef4725436ee940f82b7940505db21a59f64dedad903a52d0dd39f8446b7f7f99758a

    • SSDEEP

      49152:XOuEZOZHIXrb/TCvO90dL3BmAFd4A64nsfJIUGBXbLxPCZMKd33UicObbWdE5qeH:XOu1oiUoB4X37Z5q0RjyJRJ3pQ+E

    Score
    9/10
    discoveryransomware

    • Renames multiple (73) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks