2ecff01cd1e6a7d7be11233eeec60c1fe75be4d6b601bb658ff1f55077325121 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2ecff01cd1...21.exe

windows7-x64

2ecff01cd1...21.exe

windows10-2004-x64

5

Sharing

General

Target

2ecff01cd1e6a7d7be11233eeec60c1fe75be4d6b601bb658ff1f55077325121
Size

167KB
Sample

221020-k1rmcsege9
MD5

80a91d94d8da4719e924205c807bb470
SHA1

d1843adbf687b1884ae9b8ba7e5e213ba1a3420f
SHA256

2ecff01cd1e6a7d7be11233eeec60c1fe75be4d6b601bb658ff1f55077325121
SHA512

572a6b78fafeecf883380eae2a2e4adfe6c2c52620a0989266da035bd5980c3f91cd07d15b7f18b635f39ac1ddff89b58da85dc37f076f34fdb83f99c2000d4f
SSDEEP

3072:A+xcVA6zP7kJ9tT0LOVpWhJB8UI3AmckWzl+51z4ksrzRRz6EGb03:A+yVA0W9tYL58UIqlCeC

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

2ecff01cd1e6a7d7be11233eeec60c1fe75be4d6b601bb658ff1f55077325121.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ecff01cd1e6a7d7be11233eeec60c1fe75be4d6b601bb658ff1f55077325121.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ecff01cd1e6a7d7be11233eeec60c1fe75be4d6b601bb658ff1f55077325121
- Size
  
  167KB
- MD5
  
  80a91d94d8da4719e924205c807bb470
- SHA1
  
  d1843adbf687b1884ae9b8ba7e5e213ba1a3420f
- SHA256
  
  2ecff01cd1e6a7d7be11233eeec60c1fe75be4d6b601bb658ff1f55077325121
- SHA512
  
  572a6b78fafeecf883380eae2a2e4adfe6c2c52620a0989266da035bd5980c3f91cd07d15b7f18b635f39ac1ddff89b58da85dc37f076f34fdb83f99c2000d4f
- SSDEEP
  
  3072:A+xcVA6zP7kJ9tT0LOVpWhJB8UI3AmckWzl+51z4ksrzRRz6EGb03:A+yVA0W9tYL58UIqlCeC
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy