ef7dc1b61660664619d49a55e3c40b02ef4a23d7e1e3ecd33b0fcf0ad4a90da1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

ef7dc1b616...a1.exe

windows7-x64

ef7dc1b616...a1.exe

windows10-2004-x64

5

Sharing

General

Target

ef7dc1b61660664619d49a55e3c40b02ef4a23d7e1e3ecd33b0fcf0ad4a90da1
Size

216KB
Sample

221106-hra7xabddn
MD5

11bda24cc4e19c541920134e51876ab8
SHA1

4f2074f4c937b18f4585bab49a5bbdad38f1e9a8
SHA256

ef7dc1b61660664619d49a55e3c40b02ef4a23d7e1e3ecd33b0fcf0ad4a90da1
SHA512

d65a8be196d0136647ee774fa0ee18c274e74c40736a7e42f61d37401b8e2ca6c7fee93249a9d0e54b23fc43d3da557052594c1a2c0c50c73742a1fc0c9f6e52
SSDEEP

6144:wVPZ5XI8NKUPuwyvFz/rIwwBrHghSbGq:OPZ5Y84UWJruBrAhS

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

ef7dc1b61660664619d49a55e3c40b02ef4a23d7e1e3ecd33b0fcf0ad4a90da1.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef7dc1b61660664619d49a55e3c40b02ef4a23d7e1e3ecd33b0fcf0ad4a90da1.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  ef7dc1b61660664619d49a55e3c40b02ef4a23d7e1e3ecd33b0fcf0ad4a90da1
- Size
  
  216KB
- MD5
  
  11bda24cc4e19c541920134e51876ab8
- SHA1
  
  4f2074f4c937b18f4585bab49a5bbdad38f1e9a8
- SHA256
  
  ef7dc1b61660664619d49a55e3c40b02ef4a23d7e1e3ecd33b0fcf0ad4a90da1
- SHA512
  
  d65a8be196d0136647ee774fa0ee18c274e74c40736a7e42f61d37401b8e2ca6c7fee93249a9d0e54b23fc43d3da557052594c1a2c0c50c73742a1fc0c9f6e52
- SSDEEP
  
  6144:wVPZ5XI8NKUPuwyvFz/rIwwBrHghSbGq:OPZ5Y84UWJruBrAhS
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy