31b44a61612e460c0eb7915d87aae05df93fe4e522b9fbaa3d69c3ccf5f11cc6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

31b44a6161...c6.exe

windows7-x64

7

31b44a6161...c6.exe

windows10-2004-x64

8

Sharing

General

Target

31b44a61612e460c0eb7915d87aae05df93fe4e522b9fbaa3d69c3ccf5f11cc6
Size

44KB
Sample

221107-vdd3vsgfe5
MD5

0fca8dd778151eef8e798bde2184a81f
SHA1

6be67a74504f19ce52782cb8bffad5b8ff6c73a6
SHA256

31b44a61612e460c0eb7915d87aae05df93fe4e522b9fbaa3d69c3ccf5f11cc6
SHA512

f336acc6cd97b2083d3401e578b6ad1cb19b117d6ce5f620a0a7e8dc7b7297099a9b1a0800155760e7208baed4a7d0c247cc22d0c217b8003ecf880bcec7bf49
SSDEEP

768:QmK5yGQVKTnf7RGur6CB3bWwUTTrzcTFXVd7/lZsomuRfCxRpmQy6eKZ:QprQAnWCc9TrzcTl/4ombRpA6eK

Score

8^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

31b44a61612e460c0eb7915d87aae05df93fe4e522b9fbaa3d69c3ccf5f11cc6.exe

Resource

win7-20220901-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

31b44a61612e460c0eb7915d87aae05df93fe4e522b9fbaa3d69c3ccf5f11cc6.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  31b44a61612e460c0eb7915d87aae05df93fe4e522b9fbaa3d69c3ccf5f11cc6
- Size
  
  44KB
- MD5
  
  0fca8dd778151eef8e798bde2184a81f
- SHA1
  
  6be67a74504f19ce52782cb8bffad5b8ff6c73a6
- SHA256
  
  31b44a61612e460c0eb7915d87aae05df93fe4e522b9fbaa3d69c3ccf5f11cc6
- SHA512
  
  f336acc6cd97b2083d3401e578b6ad1cb19b117d6ce5f620a0a7e8dc7b7297099a9b1a0800155760e7208baed4a7d0c247cc22d0c217b8003ecf880bcec7bf49
- SSDEEP
  
  768:QmK5yGQVKTnf7RGur6CB3bWwUTTrzcTFXVd7/lZsomuRfCxRpmQy6eKZ:QprQAnWCc9TrzcTl/4ombRpA6eK
Score

8^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy