ab14ca54bcaf472af45462f5a826fce4aa3226529b48794fc52e3148677ab898 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

ab14ca54bc...98.exe

windows7-x64

8

ab14ca54bc...98.exe

windows10-2004-x64

8

Sharing

General

Target

ab14ca54bcaf472af45462f5a826fce4aa3226529b48794fc52e3148677ab898
Size

463KB
Sample

221003-3p355acfb3
MD5

069a5e2553ead6f554b1199b85352890
SHA1

716e7dc313dc492083cb00b5765798da72a93016
SHA256

ab14ca54bcaf472af45462f5a826fce4aa3226529b48794fc52e3148677ab898
SHA512

7fd7e5f03e22788a679bb755147a2ac26e726d0cc60580ff3e6244bd2ef1fa565dd047b641adbefda1f022f1d837f407b8ffad1309ed85ffeb866ec0b354e84c
SSDEEP

12288:2yVclvVDlr2TXnhVMp0qAW1w+yc3WaLGzgXE61JR7:1VclhdKXnhVMpkEyc3WaB06

Score

8^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

ab14ca54bcaf472af45462f5a826fce4aa3226529b48794fc52e3148677ab898.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab14ca54bcaf472af45462f5a826fce4aa3226529b48794fc52e3148677ab898.exe

Resource

win10v2004-20220812-en

persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ab14ca54bcaf472af45462f5a826fce4aa3226529b48794fc52e3148677ab898
- Size
  
  463KB
- MD5
  
  069a5e2553ead6f554b1199b85352890
- SHA1
  
  716e7dc313dc492083cb00b5765798da72a93016
- SHA256
  
  ab14ca54bcaf472af45462f5a826fce4aa3226529b48794fc52e3148677ab898
- SHA512
  
  7fd7e5f03e22788a679bb755147a2ac26e726d0cc60580ff3e6244bd2ef1fa565dd047b641adbefda1f022f1d837f407b8ffad1309ed85ffeb866ec0b354e84c
- SSDEEP
  
  12288:2yVclvVDlr2TXnhVMp0qAW1w+yc3WaLGzgXE61JR7:1VclhdKXnhVMpkEyc3WaB06
Score

8^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy