12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

12ec0d5101...ee.exe

windows7-x64

12ec0d5101...ee.exe

windows10-2004-x64

Sharing

General

Target

12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee
Size

619KB
Sample

220919-elwpwabcgq
MD5

464dc36b66a7a838464b8b971bc61a6b
SHA1

063f715b9a864d6a14d358b1a7f52c85ee22caf1
SHA256

12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee
SHA512

f15abc22ee0ca2f1e7c5abf61742db49bb2cc77139d55cb9e18e7ac1123176c31e7396d3764fbe8fde0517e988a76cbb6d5d28f66d6805b7fc67a077f4af667b
SSDEEP

12288:x6Wq4aaE6KwyF5L0Y2D1PqLnFdLMOvGeD86h73ToEhbRcl:HthEVaPqLoiHH3TPhbql

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee
- Size
  
  619KB
- MD5
  
  464dc36b66a7a838464b8b971bc61a6b
- SHA1
  
  063f715b9a864d6a14d358b1a7f52c85ee22caf1
- SHA256
  
  12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee
- SHA512
  
  f15abc22ee0ca2f1e7c5abf61742db49bb2cc77139d55cb9e18e7ac1123176c31e7396d3764fbe8fde0517e988a76cbb6d5d28f66d6805b7fc67a077f4af667b
- SSDEEP
  
  12288:x6Wq4aaE6KwyF5L0Y2D1PqLnFdLMOvGeD86h73ToEhbRcl:HthEVaPqLoiHH3TPhbql
Score

10^/10

evasion persistence upx
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy