0fa341451cb7cfbb390685085b3cd5aad9c4b7ad0cd9b22303ddca0efe2748ff | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

0fa341451c...ff.exe

windows7-x64

0fa341451c...ff.exe

windows10-2004-x64

8

Sharing

General

Target

0fa341451cb7cfbb390685085b3cd5aad9c4b7ad0cd9b22303ddca0efe2748ff
Size

234KB
Sample

221011-e9wd1sfahm
MD5

60e6d0da4b568bd0b3832322e0bb27b3
SHA1

35e8ae34586a4c02e2b34212850f20b1edf6699b
SHA256

0fa341451cb7cfbb390685085b3cd5aad9c4b7ad0cd9b22303ddca0efe2748ff
SHA512

ffdceeb13a2c9bb3c5cbf547be914a82fe92028805e31d7a4750d05daeb87458ae8a9c1b8cec326b02b67b8caf808cff4f68b216090bdd802854ae34cae1cca4
SSDEEP

6144:2xV8dI3bxRETtXaz/OJepymej5viyT5O/q9DUGEyoSd:2n8dI3b7ETtKKepymejF5aeDUGNoSd

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fa341451cb7cfbb390685085b3cd5aad9c4b7ad0cd9b22303ddca0efe2748ff.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fa341451cb7cfbb390685085b3cd5aad9c4b7ad0cd9b22303ddca0efe2748ff.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  0fa341451cb7cfbb390685085b3cd5aad9c4b7ad0cd9b22303ddca0efe2748ff
- Size
  
  234KB
- MD5
  
  60e6d0da4b568bd0b3832322e0bb27b3
- SHA1
  
  35e8ae34586a4c02e2b34212850f20b1edf6699b
- SHA256
  
  0fa341451cb7cfbb390685085b3cd5aad9c4b7ad0cd9b22303ddca0efe2748ff
- SHA512
  
  ffdceeb13a2c9bb3c5cbf547be914a82fe92028805e31d7a4750d05daeb87458ae8a9c1b8cec326b02b67b8caf808cff4f68b216090bdd802854ae34cae1cca4
- SSDEEP
  
  6144:2xV8dI3bxRETtXaz/OJepymej5viyT5O/q9DUGEyoSd:2n8dI3b7ETtKKepymejF5aeDUGNoSd
Score

10^/10

evasion persistence upx
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

© 2018-2025

Terms | Privacy