cc97aa8416d4afbf132cb2f5f94cb3ae671093314325f269c7363e14f85193db | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

cc97aa8416...db.exe

windows7-x64

8

cc97aa8416...db.exe

windows10-2004-x64

8

Sharing

General

Target

cc97aa8416d4afbf132cb2f5f94cb3ae671093314325f269c7363e14f85193db
Size

280KB
Sample

221124-gg47kacf58
MD5

30b9b7aa26d3a07242d2e6ce9e95f77b
SHA1

fb3e290ec9eb4efcc5c644251817d42172baed66
SHA256

cc97aa8416d4afbf132cb2f5f94cb3ae671093314325f269c7363e14f85193db
SHA512

b1155f38f209be6fd732843c5982d8503110d28fbda780f907a0eac7fbf36194f6ffb0f82cba0eb7ac61416f829e61583920c67b0d2c84bd71f7d67b60306a26
SSDEEP

6144:hbtF3Dcrpj3Y6Dxg3gK7+X/7xdgPBT//h:hbsx1x6RSxU/h

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

cc97aa8416d4afbf132cb2f5f94cb3ae671093314325f269c7363e14f85193db.exe

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc97aa8416d4afbf132cb2f5f94cb3ae671093314325f269c7363e14f85193db.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  cc97aa8416d4afbf132cb2f5f94cb3ae671093314325f269c7363e14f85193db
- Size
  
  280KB
- MD5
  
  30b9b7aa26d3a07242d2e6ce9e95f77b
- SHA1
  
  fb3e290ec9eb4efcc5c644251817d42172baed66
- SHA256
  
  cc97aa8416d4afbf132cb2f5f94cb3ae671093314325f269c7363e14f85193db
- SHA512
  
  b1155f38f209be6fd732843c5982d8503110d28fbda780f907a0eac7fbf36194f6ffb0f82cba0eb7ac61416f829e61583920c67b0d2c84bd71f7d67b60306a26
- SSDEEP
  
  6144:hbtF3Dcrpj3Y6Dxg3gK7+X/7xdgPBT//h:hbsx1x6RSxU/h
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy