7184fbf90c60cd27311eaa98fb6fb24764b8144da74099c3248b158c73f51555 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

7184fbf90c...55.exe

windows7-x64

7184fbf90c...55.exe

windows10-2004-x64

Sharing

General

Target

7184fbf90c60cd27311eaa98fb6fb24764b8144da74099c3248b158c73f51555
Size

447KB
Sample

221020-2xrxdsabdq
MD5

4373d593663c8a9bbe7879cb795c6b5d
SHA1

57c807c68ae0faa7fb5c3a6d51769b6381e134e3
SHA256

7184fbf90c60cd27311eaa98fb6fb24764b8144da74099c3248b158c73f51555
SHA512

9141ddda68bcc3e70f4f25326d4dad9f87ce911c0d44e956a7ae49f73b27ffd8a5a2df4e9a8d9037d91ce123b62c958f62fafefa384bf47e44c4940b420d162e
SSDEEP

12288:v6Wq4aaE6KwyF5L0Y2D1PqLDoQZwTaFOGz:tthEVaPqLsdGB

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7184fbf90c60cd27311eaa98fb6fb24764b8144da74099c3248b158c73f51555.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

7184fbf90c60cd27311eaa98fb6fb24764b8144da74099c3248b158c73f51555.exe

Resource

win10v2004-20220901-en

evasion persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  7184fbf90c60cd27311eaa98fb6fb24764b8144da74099c3248b158c73f51555
- Size
  
  447KB
- MD5
  
  4373d593663c8a9bbe7879cb795c6b5d
- SHA1
  
  57c807c68ae0faa7fb5c3a6d51769b6381e134e3
- SHA256
  
  7184fbf90c60cd27311eaa98fb6fb24764b8144da74099c3248b158c73f51555
- SHA512
  
  9141ddda68bcc3e70f4f25326d4dad9f87ce911c0d44e956a7ae49f73b27ffd8a5a2df4e9a8d9037d91ce123b62c958f62fafefa384bf47e44c4940b420d162e
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqLDoQZwTaFOGz:tthEVaPqLsdGB
Score

10^/10

evasion persistence upx
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy