2bd409ff08dcc0576b17d9649459cb4ac32e1ade675ed4b9bf613c08b1b52416 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

2bd409ff08...16.exe

windows7-x64

8

2bd409ff08...16.exe

windows10-2004-x64

8

Sharing

General

Target

2bd409ff08dcc0576b17d9649459cb4ac32e1ade675ed4b9bf613c08b1b52416
Size

935KB
Sample

221125-r9yklaaa7s
MD5

37dad09aad0f768d46d13a82a26b9cfb
SHA1

66b6e4d3c788e62af0adc8a3094ed1e3e597aeaa
SHA256

2bd409ff08dcc0576b17d9649459cb4ac32e1ade675ed4b9bf613c08b1b52416
SHA512

424e9ffd81d2327e06a067678115e9e620c4076eb7f6ae9859aebee37c97780bfe397ebce44ea2cda2b4829bc236bc89a7129a3b2225483eef86e7cd778ebe8d
SSDEEP

12288:J5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x45:JyHv5Z+Wzv7AiBll0OBWi6si9GI

Score

8^/10

upx

Static task

static1

Behavioral task

behavioral1

Sample

2bd409ff08dcc0576b17d9649459cb4ac32e1ade675ed4b9bf613c08b1b52416.exe

Resource

win7-20221111-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2bd409ff08dcc0576b17d9649459cb4ac32e1ade675ed4b9bf613c08b1b52416.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2bd409ff08dcc0576b17d9649459cb4ac32e1ade675ed4b9bf613c08b1b52416
- Size
  
  935KB
- MD5
  
  37dad09aad0f768d46d13a82a26b9cfb
- SHA1
  
  66b6e4d3c788e62af0adc8a3094ed1e3e597aeaa
- SHA256
  
  2bd409ff08dcc0576b17d9649459cb4ac32e1ade675ed4b9bf613c08b1b52416
- SHA512
  
  424e9ffd81d2327e06a067678115e9e620c4076eb7f6ae9859aebee37c97780bfe397ebce44ea2cda2b4829bc236bc89a7129a3b2225483eef86e7cd778ebe8d
- SSDEEP
  
  12288:J5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x45:JyHv5Z+Wzv7AiBll0OBWi6si9GI
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy