4cd742ef523908c6494b3bfa503a3542b90ded8c8796eb3323faf42926e8c729 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

4cd742ef52...29.exe

windows7-x64

4cd742ef52...29.exe

windows10-2004-x64

Sharing

General

Target

4cd742ef523908c6494b3bfa503a3542b90ded8c8796eb3323faf42926e8c729
Size

484KB
Sample

220919-dmyeesdfh3
MD5

b5a956bc2eaaf2e93c1910a701f21dd1
SHA1

6e39d033c0652151a7f00313580e8b1194d1be59
SHA256

4cd742ef523908c6494b3bfa503a3542b90ded8c8796eb3323faf42926e8c729
SHA512

5e3996b9c3e31a8b1735eacd6020629606915773af04e2cba6d70b1ed5f3f8489e1746cbf2882f24a645802a6a58ea5b320b8670538a1998a5bf083d357712ac
SSDEEP

12288:moUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:w92ILECd0R15XZS3QafpDNUQ

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

4cd742ef523908c6494b3bfa503a3542b90ded8c8796eb3323faf42926e8c729.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

4cd742ef523908c6494b3bfa503a3542b90ded8c8796eb3323faf42926e8c729.exe

Resource

win10v2004-20220901-en

evasion persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  4cd742ef523908c6494b3bfa503a3542b90ded8c8796eb3323faf42926e8c729
- Size
  
  484KB
- MD5
  
  b5a956bc2eaaf2e93c1910a701f21dd1
- SHA1
  
  6e39d033c0652151a7f00313580e8b1194d1be59
- SHA256
  
  4cd742ef523908c6494b3bfa503a3542b90ded8c8796eb3323faf42926e8c729
- SHA512
  
  5e3996b9c3e31a8b1735eacd6020629606915773af04e2cba6d70b1ed5f3f8489e1746cbf2882f24a645802a6a58ea5b320b8670538a1998a5bf083d357712ac
- SSDEEP
  
  12288:moUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:w92ILECd0R15XZS3QafpDNUQ
Score

10^/10

evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy