31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

31ff1e523e...99.exe

windows7-x64

8

31ff1e523e...99.exe

windows10-2004-x64

8

Sharing

General

Target

31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799
Size

275KB
Sample

221107-t8mg2sgdb8
MD5

0ff2d18f373246c3a611c0996d0452d9
SHA1

b0e39cb91ddcd2b87d56122cb243b7e2faae1a18
SHA256

31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799
SHA512

e6ac7fe29e0bdf41528bbd140e2ce442cd4fa30738c685335f21e81a4da8ca588ec87e4877462d88179ec23afdd07acdd463683ba86a86186214e319c3f1e95b
SSDEEP

6144:yniHo6nx2QY7slAFRWNBfrrWK0uTNRiuooqp6pfwWm+gIdJI7l:ySo6xg5kN530xuooqMVwsgN

Score

8^/10

collection evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799.exe

Resource

win7-20220812-en

collection evasion persistence

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799.exe

Resource

win10v2004-20220901-en

evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799
- Size
  
  275KB
- MD5
  
  0ff2d18f373246c3a611c0996d0452d9
- SHA1
  
  b0e39cb91ddcd2b87d56122cb243b7e2faae1a18
- SHA256
  
  31ff1e523eb2d73423c1487d86cb832c3001576a9ee8510752dc01da0dd8a799
- SHA512
  
  e6ac7fe29e0bdf41528bbd140e2ce442cd4fa30738c685335f21e81a4da8ca588ec87e4877462d88179ec23afdd07acdd463683ba86a86186214e319c3f1e95b
- SSDEEP
  
  6144:yniHo6nx2QY7slAFRWNBfrrWK0uTNRiuooqp6pfwWm+gIdJI7l:ySo6xg5kN530xuooqMVwsgN
Score

8^/10

collection evasion persistence
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionevasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy