05e76045e331ebcf6a874c8e503e5335dc5a5da29117a37cdf55b5d0581f45c8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

05e76045e3...c8.exe

windows7-x64

8

05e76045e3...c8.exe

windows10-2004-x64

8

Sharing

General

Target

05e76045e331ebcf6a874c8e503e5335dc5a5da29117a37cdf55b5d0581f45c8
Size

764KB
Sample

221011-kdd3raechn
MD5

7b42a21fc666db5ce98986475599dda0
SHA1

415541444864d35b093c0966ebbfaaf5fae2fad7
SHA256

05e76045e331ebcf6a874c8e503e5335dc5a5da29117a37cdf55b5d0581f45c8
SHA512

658bb0126acff9b1cce26a1c96f551df2c5c48250974c293426bb329f1c25e3b596e2aa6540a869ad70f36edfbe1c88a0a6763978413cff1a2b013a0cb81db6f
SSDEEP

12288:w2LBXU0uy8l/9912iRA2+Blmx1ToLLeY4W7ta66mJRNY1Yzi/m3FwoKwhNGgaC8:ZLBXdb89/122A2+B+hEjta66/qiu+oKY

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

05e76045e331ebcf6a874c8e503e5335dc5a5da29117a37cdf55b5d0581f45c8.exe

Resource

win7-20220812-en

persistence vmprotect

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

05e76045e331ebcf6a874c8e503e5335dc5a5da29117a37cdf55b5d0581f45c8.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  05e76045e331ebcf6a874c8e503e5335dc5a5da29117a37cdf55b5d0581f45c8
- Size
  
  764KB
- MD5
  
  7b42a21fc666db5ce98986475599dda0
- SHA1
  
  415541444864d35b093c0966ebbfaaf5fae2fad7
- SHA256
  
  05e76045e331ebcf6a874c8e503e5335dc5a5da29117a37cdf55b5d0581f45c8
- SHA512
  
  658bb0126acff9b1cce26a1c96f551df2c5c48250974c293426bb329f1c25e3b596e2aa6540a869ad70f36edfbe1c88a0a6763978413cff1a2b013a0cb81db6f
- SSDEEP
  
  12288:w2LBXU0uy8l/9912iRA2+Blmx1ToLLeY4W7ta66mJRNY1Yzi/m3FwoKwhNGgaC8:ZLBXdb89/122A2+B+hEjta66/qiu+oKY
Score

8^/10

persistence vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2025

Terms | Privacy