23fab8e73a76e15208fd9b6085c56f8340c1b2e1879b6676c06314d1781f2b4c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

23fab8e73a...4c.exe

windows7-x64

23fab8e73a...4c.exe

windows10-2004-x64

Sharing

General

Target

23fab8e73a76e15208fd9b6085c56f8340c1b2e1879b6676c06314d1781f2b4c
Size

460KB
Sample

221002-apq7caegfm
MD5

59e5709610450cd0910d414a37f0c004
SHA1

de8d36bfc5c392f62a6b6019b0607ff3b8408dbf
SHA256

23fab8e73a76e15208fd9b6085c56f8340c1b2e1879b6676c06314d1781f2b4c
SHA512

7d689f3edbaccc4087c2f33279a5fa956ae9d9c5b35d17c5f0475decd951097d627276661f8048a12cb0b62304fc79e268102a44768b2506595ddf39e458b2eb
SSDEEP

12288:zlSt6oIHNOhU5O5TYo4XqTig5GSR9CClDDL:zlSt69HNx6T/5xT

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

23fab8e73a76e15208fd9b6085c56f8340c1b2e1879b6676c06314d1781f2b4c.exe

Resource

win7-20220901-en

evasion persistence upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

23fab8e73a76e15208fd9b6085c56f8340c1b2e1879b6676c06314d1781f2b4c.exe

Resource

win10v2004-20220901-en

evasion persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  23fab8e73a76e15208fd9b6085c56f8340c1b2e1879b6676c06314d1781f2b4c
- Size
  
  460KB
- MD5
  
  59e5709610450cd0910d414a37f0c004
- SHA1
  
  de8d36bfc5c392f62a6b6019b0607ff3b8408dbf
- SHA256
  
  23fab8e73a76e15208fd9b6085c56f8340c1b2e1879b6676c06314d1781f2b4c
- SHA512
  
  7d689f3edbaccc4087c2f33279a5fa956ae9d9c5b35d17c5f0475decd951097d627276661f8048a12cb0b62304fc79e268102a44768b2506595ddf39e458b2eb
- SSDEEP
  
  12288:zlSt6oIHNOhU5O5TYo4XqTig5GSR9CClDDL:zlSt69HNx6T/5xT
Score

10^/10

evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy