Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

bce9cf2647...cd.exe

windows7-x64

10

bce9cf2647...cd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bce9cf26477f047fa38cd71a227559248bd218679ce7c7b07530e16b4aa54dcd

  • Size

    722KB

  • Sample

    221003-1g2wzsgeh9

  • MD5

    63518f651efd1062d40dbfc3c124c267

  • SHA1

    bfbca0a83d5b15db721b2c07ea3f7c6d51ed763e

  • SHA256

    bce9cf26477f047fa38cd71a227559248bd218679ce7c7b07530e16b4aa54dcd

  • SHA512

    7b34b3134b54bc3dea9e7b5d93abbab206c56e1f633aa5b88ae601b65f52b101508776cafbb3e40a1f55b406cfb44e79d9f5ac5d3ddb87f90391605a3985d61f

  • SSDEEP

    12288:9Up3EQ6T6jpV3KVMeHf2Jl84yfFr+3p8rkKQr6MCNVkgQpNaQ4ppFJN9IJaXSO:9KTV0TfkOYK1NkgQ3+mJaCO

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      bce9cf26477f047fa38cd71a227559248bd218679ce7c7b07530e16b4aa54dcd

    • Size

      722KB

    • MD5

      63518f651efd1062d40dbfc3c124c267

    • SHA1

      bfbca0a83d5b15db721b2c07ea3f7c6d51ed763e

    • SHA256

      bce9cf26477f047fa38cd71a227559248bd218679ce7c7b07530e16b4aa54dcd

    • SHA512

      7b34b3134b54bc3dea9e7b5d93abbab206c56e1f633aa5b88ae601b65f52b101508776cafbb3e40a1f55b406cfb44e79d9f5ac5d3ddb87f90391605a3985d61f

    • SSDEEP

      12288:9Up3EQ6T6jpV3KVMeHf2Jl84yfFr+3p8rkKQr6MCNVkgQpNaQ4ppFJN9IJaXSO:9KTV0TfkOYK1NkgQ3+mJaCO

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks