0f82e7f3277a2304e92d43bef14210bcb039f111c35b5672d130f7ceae80cb97 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

0f82e7f327...97.exe

windows7-x64

0f82e7f327...97.exe

windows10-2004-x64

Sharing

General

Target

0f82e7f3277a2304e92d43bef14210bcb039f111c35b5672d130f7ceae80cb97
Size

509KB
Sample

221020-hvm1waafbk
MD5

799272d844e730a754dcb56381f695d0
SHA1

7bb287e07fd8cc5248a90984dfcbc46f331c3062
SHA256

0f82e7f3277a2304e92d43bef14210bcb039f111c35b5672d130f7ceae80cb97
SHA512

3559053d05ccb227c305d6f82cc23b22426a0338a079cdca7c5814179c2e8c04ead778f35f91d5e1ca32bedc82bd5123b7edbb83f585673d35154881a6df3bee
SSDEEP

12288:jgDhdkq5BCoC5LfWSLTUQpr2Zu19Qm7zN:jgDhdkMRWfLTUO2Zu1um7zN

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f82e7f3277a2304e92d43bef14210bcb039f111c35b5672d130f7ceae80cb97.exe

Resource

win7-20220901-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f82e7f3277a2304e92d43bef14210bcb039f111c35b5672d130f7ceae80cb97.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f82e7f3277a2304e92d43bef14210bcb039f111c35b5672d130f7ceae80cb97
- Size
  
  509KB
- MD5
  
  799272d844e730a754dcb56381f695d0
- SHA1
  
  7bb287e07fd8cc5248a90984dfcbc46f331c3062
- SHA256
  
  0f82e7f3277a2304e92d43bef14210bcb039f111c35b5672d130f7ceae80cb97
- SHA512
  
  3559053d05ccb227c305d6f82cc23b22426a0338a079cdca7c5814179c2e8c04ead778f35f91d5e1ca32bedc82bd5123b7edbb83f585673d35154881a6df3bee
- SSDEEP
  
  12288:jgDhdkq5BCoC5LfWSLTUQpr2Zu19Qm7zN:jgDhdkMRWfLTUO2Zu1um7zN
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy