942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

942ccb0c34...5e.exe

windows7-x64

8

942ccb0c34...5e.exe

windows10-2004-x64

8

Sharing

General

Target

942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e
Size

552KB
Sample

220919-dn1aeadgc9
MD5

c1dca394e84edbea87941342072c82cc
SHA1

32b4f5aff7fbe60b21efe6a71263cb702d0030e1
SHA256

942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e
SHA512

2f525867ae31599e9f9cb7c155958220859419a3fe2d4fbd5024648c7c5aae0a2e2dccb4afc3784a2b56090b693d9fbf9a6fc304b1700158a47da33cc4b2cfc5
SSDEEP

12288:60vQwJcJmLoMIOABV2AWzj6b7MP+Dd2dvI4MW7K7yRLVVZLVMq:663Jwr3VgO7MP+h2/N7KwnIq

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e.exe

Resource

win7-20220901-en

bootkit persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e
- Size
  
  552KB
- MD5
  
  c1dca394e84edbea87941342072c82cc
- SHA1
  
  32b4f5aff7fbe60b21efe6a71263cb702d0030e1
- SHA256
  
  942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e
- SHA512
  
  2f525867ae31599e9f9cb7c155958220859419a3fe2d4fbd5024648c7c5aae0a2e2dccb4afc3784a2b56090b693d9fbf9a6fc304b1700158a47da33cc4b2cfc5
- SSDEEP
  
  12288:60vQwJcJmLoMIOABV2AWzj6b7MP+Dd2dvI4MW7K7yRLVVZLVMq:663Jwr3VgO7MP+h2/N7KwnIq
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

© 2018-2025

Terms | Privacy