072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

072087ec3b...af.exe

windows7-x64

8

072087ec3b...af.exe

windows10-2004-x64

8

Sharing

General

Target

072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af
Size

2.5MB
Sample

220915-qzy8psghhj
MD5

0894078d06d457b29171deb42134621e
SHA1

b97d0073e813929c8d8d545231e63fa347b4f73b
SHA256

072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af
SHA512

e69bcb22530c5d091c9b3da03ace62cca664cf6969fc1fc1a1951ff5ede7811fa9778f9c83f5afe7843c703059b742f1b0c2e126f31201dbc4dd30462bb22d8b
SSDEEP

49152:uo+NvMAiTRoQ8Hx6Xk6niMZxA/bKn32ZJuuG0O0wnXx7O7lrf29RVexbPIr3fD:uRpA8x6UpMZcbyM1G0wXxslq9RVUbgrb

Score

8^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe

Resource

win7-20220812-en

bootkit persistence upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe

Resource

win10v2004-20220812-en

bootkit persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af
- Size
  
  2.5MB
- MD5
  
  0894078d06d457b29171deb42134621e
- SHA1
  
  b97d0073e813929c8d8d545231e63fa347b4f73b
- SHA256
  
  072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af
- SHA512
  
  e69bcb22530c5d091c9b3da03ace62cca664cf6969fc1fc1a1951ff5ede7811fa9778f9c83f5afe7843c703059b742f1b0c2e126f31201dbc4dd30462bb22d8b
- SSDEEP
  
  49152:uo+NvMAiTRoQ8Hx6Xk6niMZxA/bKn32ZJuuG0O0wnXx7O7lrf29RVexbPIr3fD:uRpA8x6UpMZcbyM1G0wXxslq9RVUbgrb
Score

8^/10

bootkit persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2025

Terms | Privacy