b3395d36c87c99bd40c39aadce13fd6ab0924c4c3f17c9a51da2bf483e8ffe1d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

b3395d36c8...1d.exe

windows7-x64

9

b3395d36c8...1d.exe

windows10-2004-x64

9

Sharing

General

Target

b3395d36c87c99bd40c39aadce13fd6ab0924c4c3f17c9a51da2bf483e8ffe1d
Size

512KB
Sample

221127-2wsgjaae4t
MD5

38629019c60d85be6e1119fdea10cf01
SHA1

c8a5dacc3b505fdc0640ec937194c2296245a6b7
SHA256

b3395d36c87c99bd40c39aadce13fd6ab0924c4c3f17c9a51da2bf483e8ffe1d
SHA512

70bca22e8d84815944a5735e6876d52980a7e8551d3b4bc8e834a4ad3345ebd282bdd9a7917aa3db0c5322ab04cb9da7f89c376b05221e1cad20f4cb02999742
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4S:0+h9OY70z+warul3E4S

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

b3395d36c87c99bd40c39aadce13fd6ab0924c4c3f17c9a51da2bf483e8ffe1d.exe

Resource

win7-20220901-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3395d36c87c99bd40c39aadce13fd6ab0924c4c3f17c9a51da2bf483e8ffe1d.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  b3395d36c87c99bd40c39aadce13fd6ab0924c4c3f17c9a51da2bf483e8ffe1d
- Size
  
  512KB
- MD5
  
  38629019c60d85be6e1119fdea10cf01
- SHA1
  
  c8a5dacc3b505fdc0640ec937194c2296245a6b7
- SHA256
  
  b3395d36c87c99bd40c39aadce13fd6ab0924c4c3f17c9a51da2bf483e8ffe1d
- SHA512
  
  70bca22e8d84815944a5735e6876d52980a7e8551d3b4bc8e834a4ad3345ebd282bdd9a7917aa3db0c5322ab04cb9da7f89c376b05221e1cad20f4cb02999742
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4S:0+h9OY70z+warul3E4S
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.