af0314e0ee9e927fd116453216e1139b83c837d47396d57f50bf703f4e48cd41 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

af0314e0ee...41.exe

windows7-x64

9

af0314e0ee...41.exe

windows10-2004-x64

9

Sharing

General

Target

af0314e0ee9e927fd116453216e1139b83c837d47396d57f50bf703f4e48cd41
Size

623KB
Sample

221127-e8k7nadg9v
MD5

9b771ee578ee8da961bc944a9605cec2
SHA1

18d75cbaa6daf37d2ee18e51830de8fe738a8d53
SHA256

af0314e0ee9e927fd116453216e1139b83c837d47396d57f50bf703f4e48cd41
SHA512

e7da3bba6050f2954d09e604d6ce3dca01141a5d6223d3b5df78e2a4a2b2a5eba810f5424d590c1af183dfcd8c844eb2de79bb7914d8eecfc2b19729cff8d28c
SSDEEP

12288:XQXik2ugDdI251hczaS3wc4CUu4SRFZ0yD2V:1k2uN+0H3TXFRFqyD2V

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

af0314e0ee9e927fd116453216e1139b83c837d47396d57f50bf703f4e48cd41.exe

Resource

win7-20220901-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

af0314e0ee9e927fd116453216e1139b83c837d47396d57f50bf703f4e48cd41.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  af0314e0ee9e927fd116453216e1139b83c837d47396d57f50bf703f4e48cd41
- Size
  
  623KB
- MD5
  
  9b771ee578ee8da961bc944a9605cec2
- SHA1
  
  18d75cbaa6daf37d2ee18e51830de8fe738a8d53
- SHA256
  
  af0314e0ee9e927fd116453216e1139b83c837d47396d57f50bf703f4e48cd41
- SHA512
  
  e7da3bba6050f2954d09e604d6ce3dca01141a5d6223d3b5df78e2a4a2b2a5eba810f5424d590c1af183dfcd8c844eb2de79bb7914d8eecfc2b19729cff8d28c
- SSDEEP
  
  12288:XQXik2ugDdI251hczaS3wc4CUu4SRFZ0yD2V:1k2uN+0H3TXFRFqyD2V
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy