901f242e277472b0f214055410ff8e36fe1385e45b5ff6a628db8a4a6ca00eb9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

901f242e27...b9.exe

windows7-x64

901f242e27...b9.exe

windows10-2004-x64

1

Sharing

General

Target

901f242e277472b0f214055410ff8e36fe1385e45b5ff6a628db8a4a6ca00eb9
Size

345KB
Sample

221126-b8xznsda85
MD5

e2c77052b14aebb6d5fe7cfe2d7245ea
SHA1

743f660f1b12a8e304ea85db024975a3777d9794
SHA256

901f242e277472b0f214055410ff8e36fe1385e45b5ff6a628db8a4a6ca00eb9
SHA512

efacccd99eb4f196feb99a44179233d46a16d8ba51c07ad3bcaac7a3fd1eaef5f775c2d5aa3b6eacd736d1ac4f5e161d079c8c107359c90d2f543bfa585b45b7
SSDEEP

6144:yCp6Q3Ow9J9HSO7Ktol68AE+0csAfWkrX/Qt+ALbEWe5p/cT:L6Q3BLHLlPzHkfrL/Qt+A835

Score

10^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

901f242e277472b0f214055410ff8e36fe1385e45b5ff6a628db8a4a6ca00eb9.exe

Resource

win7-20220901-en

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

901f242e277472b0f214055410ff8e36fe1385e45b5ff6a628db8a4a6ca00eb9.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  901f242e277472b0f214055410ff8e36fe1385e45b5ff6a628db8a4a6ca00eb9
- Size
  
  345KB
- MD5
  
  e2c77052b14aebb6d5fe7cfe2d7245ea
- SHA1
  
  743f660f1b12a8e304ea85db024975a3777d9794
- SHA256
  
  901f242e277472b0f214055410ff8e36fe1385e45b5ff6a628db8a4a6ca00eb9
- SHA512
  
  efacccd99eb4f196feb99a44179233d46a16d8ba51c07ad3bcaac7a3fd1eaef5f775c2d5aa3b6eacd736d1ac4f5e161d079c8c107359c90d2f543bfa585b45b7
- SSDEEP
  
  6144:yCp6Q3Ow9J9HSO7Ktol68AE+0csAfWkrX/Qt+ALbEWe5p/cT:L6Q3BLHLlPzHkfrL/Qt+A835
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Sets file execution options in registry
  persistence
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Winlogon Helper DLL

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy