d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

d632b3decf...10.exe

windows7-x64

9

d632b3decf...10.exe

windows10-2004-x64

8

Sharing

General

Target

d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10
Size

2.8MB
Sample

221126-1kewmafg54
MD5

d40e282b4631e382d02efefcc48c5e39
SHA1

d94ffe792309fe24806fc249af33170f4e4e4b9f
SHA256

d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10
SHA512

cdbfdc5de2f565ceca11598a24efc394d5a9f1dacb73de1a52b5d652c64e95e1877500a690e7ee5cdef2ccd4d622be8e60a008e4a69f9d43c68b8aeab36c17a4
SSDEEP

49152:3Fo6OJcXyRtQsWk0/w0Pelu8G5Uowg63javfA72lDKazLOvz2ii:3FbscX8usWBxPeoVOoavalDKa0Cx

Score

9^/10

upx

Static task

static1

Behavioral task

behavioral1

Sample

d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10.exe

Resource

win7-20221111-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10
- Size
  
  2.8MB
- MD5
  
  d40e282b4631e382d02efefcc48c5e39
- SHA1
  
  d94ffe792309fe24806fc249af33170f4e4e4b9f
- SHA256
  
  d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10
- SHA512
  
  cdbfdc5de2f565ceca11598a24efc394d5a9f1dacb73de1a52b5d652c64e95e1877500a690e7ee5cdef2ccd4d622be8e60a008e4a69f9d43c68b8aeab36c17a4
- SSDEEP
  
  49152:3Fo6OJcXyRtQsWk0/w0Pelu8G5Uowg63javfA72lDKazLOvz2ii:3FbscX8usWBxPeoVOoavalDKa0Cx
Score

9^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy