5161899e47f68a1af67abfae07b0ef0c235483956db27d5ce002e1e5956cf130 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5161899e47...30.exe

windows7-x64

8

5161899e47...30.exe

windows10-2004-x64

8

Sharing

General

Target

5161899e47f68a1af67abfae07b0ef0c235483956db27d5ce002e1e5956cf130
Size

935KB
Sample

221125-qjqlmadg8w
MD5

995cba15deee3c8e6a5d995c90b18cad
SHA1

7f2bece76adfc201d317116b3efe744f3b4dd01a
SHA256

5161899e47f68a1af67abfae07b0ef0c235483956db27d5ce002e1e5956cf130
SHA512

fe4b4aa17719b2bfb0d38655fc37adfd17324b9069c9a7dd72eb752ae0bbac217fa413672857dcc425bd0adeb52dc3080f162c100a3ba24dbf66c6290e7d8439
SSDEEP

12288:I5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4z:IyHv5Z+Wzv7AiBll0OBWi6si9GO

Score

8^/10

upx

Static task

static1

Behavioral task

behavioral1

Sample

5161899e47f68a1af67abfae07b0ef0c235483956db27d5ce002e1e5956cf130.exe

Resource

win7-20221111-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

5161899e47f68a1af67abfae07b0ef0c235483956db27d5ce002e1e5956cf130.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  5161899e47f68a1af67abfae07b0ef0c235483956db27d5ce002e1e5956cf130
- Size
  
  935KB
- MD5
  
  995cba15deee3c8e6a5d995c90b18cad
- SHA1
  
  7f2bece76adfc201d317116b3efe744f3b4dd01a
- SHA256
  
  5161899e47f68a1af67abfae07b0ef0c235483956db27d5ce002e1e5956cf130
- SHA512
  
  fe4b4aa17719b2bfb0d38655fc37adfd17324b9069c9a7dd72eb752ae0bbac217fa413672857dcc425bd0adeb52dc3080f162c100a3ba24dbf66c6290e7d8439
- SSDEEP
  
  12288:I5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4z:IyHv5Z+Wzv7AiBll0OBWi6si9GO
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy