1e9abcb2a856feb6d7e09ad9d56c3f9deca0f1958f95c8f80e16164ea8f13a44 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1e9abcb2a8...44.exe

windows7-x64

8

1e9abcb2a8...44.exe

windows10-2004-x64

8

Sharing

General

Target

1e9abcb2a856feb6d7e09ad9d56c3f9deca0f1958f95c8f80e16164ea8f13a44
Size

157KB
Sample

221001-xtc7lscgap
MD5

6c5908c7ead20195fbbba0ce4921abb0
SHA1

5724d8b4d076fad2d838adf3d96f25b76b5253e4
SHA256

1e9abcb2a856feb6d7e09ad9d56c3f9deca0f1958f95c8f80e16164ea8f13a44
SHA512

7eec957abbdce0fb9fd7b4c044d271e562e4779364c2241a1801847d99ca95ea3787e964d7515394e6e6ef22989583e751b8107f36872b6536b66b04baa4e569
SSDEEP

3072:+9rJk8Yf7IFtIRNADzNokhYXR6i9cIBNA3xocgkUqOh/xFGNbF4Rsqfbd6el:+JVO2Iy86iTA3+4UHh/xFGNbF4RsqYel

Score

8^/10

persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

1e9abcb2a856feb6d7e09ad9d56c3f9deca0f1958f95c8f80e16164ea8f13a44.exe

Resource

win7-20220812-en

persistence vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e9abcb2a856feb6d7e09ad9d56c3f9deca0f1958f95c8f80e16164ea8f13a44.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  1e9abcb2a856feb6d7e09ad9d56c3f9deca0f1958f95c8f80e16164ea8f13a44
- Size
  
  157KB
- MD5
  
  6c5908c7ead20195fbbba0ce4921abb0
- SHA1
  
  5724d8b4d076fad2d838adf3d96f25b76b5253e4
- SHA256
  
  1e9abcb2a856feb6d7e09ad9d56c3f9deca0f1958f95c8f80e16164ea8f13a44
- SHA512
  
  7eec957abbdce0fb9fd7b4c044d271e562e4779364c2241a1801847d99ca95ea3787e964d7515394e6e6ef22989583e751b8107f36872b6536b66b04baa4e569
- SSDEEP
  
  3072:+9rJk8Yf7IFtIRNADzNokhYXR6i9cIBNA3xocgkUqOh/xFGNbF4Rsqfbd6el:+JVO2Iy86iTA3+4UHh/xFGNbF4RsqYel
Score

8^/10

persistence vmprotect
- Sets DLL path for service in the registry
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2025

Terms | Privacy