acc791703bc6e6ec9dcad7ef28ea5bcd1cf70f0a17412b28078daa66df5989d8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

sup.logica...om.exe

windows7-x64

9

sup.logica...om.exe

windows10-2004-x64

9

Sharing

General

Target

[email protected]
Size

330KB
Sample

241025-hzc2gawerf
MD5

8c26c5bb599b606cc549ceef0d9d2da3
SHA1

86a373936df7e753f7284efc63bf8970e9a56870
SHA256

acc791703bc6e6ec9dcad7ef28ea5bcd1cf70f0a17412b28078daa66df5989d8
SHA512

f05012ab52e2e88f0342d0a9fc52be210cdb4895035c4854592f350e24ddbcf48a710c25285c73a0462d51fe937540d491f5ce376e226558398cc1eb7bab2873
SSDEEP

6144:ypBFADu1hgO8uoHKm9bDSN23GqcgCC/5t:sM6TgO1oHbHSN2334O

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

[email protected]

Resource

win7-20240903-en

ransomware spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

[email protected]

Resource

win10v2004-20241007-en

ransomware spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  330KB
- MD5
  
  8c26c5bb599b606cc549ceef0d9d2da3
- SHA1
  
  86a373936df7e753f7284efc63bf8970e9a56870
- SHA256
  
  acc791703bc6e6ec9dcad7ef28ea5bcd1cf70f0a17412b28078daa66df5989d8
- SHA512
  
  f05012ab52e2e88f0342d0a9fc52be210cdb4895035c4854592f350e24ddbcf48a710c25285c73a0462d51fe937540d491f5ce376e226558398cc1eb7bab2873
- SSDEEP
  
  6144:ypBFADu1hgO8uoHKm9bDSN23GqcgCC/5t:sM6TgO1oHbHSN2334O
Score

9^/10

ransomware spyware stealer
- Renames multiple (7752) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy