112c43d3a47a3c809d5521e68a8ed500ad995456458c67c2ce0f46bc9f1d701b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

112c43d3a4...1b.exe

windows7-x64

9

112c43d3a4...1b.exe

windows10-2004-x64

9

Sharing

General

Target

112c43d3a47a3c809d5521e68a8ed500ad995456458c67c2ce0f46bc9f1d701b
Size

601KB
Sample

221127-p9fcxahg95
MD5

49dd6bc79e73364699ae780146229c6f
SHA1

ec4884e761f3cf54e7d9541bed7dd6bc366aa7d6
SHA256

112c43d3a47a3c809d5521e68a8ed500ad995456458c67c2ce0f46bc9f1d701b
SHA512

3d17655aaf05e67256aba37dabdf031af86bf2258a5c8cb2c5ffd56327738b1c71596653ca0b19e3815bc4390820e6bc31e8c3763d4e56ab23541d46cda10f3b
SSDEEP

12288:xORNsuj7LM2e2Bl4St2AxKeAN+GKnvLof/9WraN0bfs3kZwD+ZAd2:xsNsmM2lBmSt2A+yTof/YrdfqkZwD4AY

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

112c43d3a47a3c809d5521e68a8ed500ad995456458c67c2ce0f46bc9f1d701b.exe

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

112c43d3a47a3c809d5521e68a8ed500ad995456458c67c2ce0f46bc9f1d701b.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  112c43d3a47a3c809d5521e68a8ed500ad995456458c67c2ce0f46bc9f1d701b
- Size
  
  601KB
- MD5
  
  49dd6bc79e73364699ae780146229c6f
- SHA1
  
  ec4884e761f3cf54e7d9541bed7dd6bc366aa7d6
- SHA256
  
  112c43d3a47a3c809d5521e68a8ed500ad995456458c67c2ce0f46bc9f1d701b
- SHA512
  
  3d17655aaf05e67256aba37dabdf031af86bf2258a5c8cb2c5ffd56327738b1c71596653ca0b19e3815bc4390820e6bc31e8c3763d4e56ab23541d46cda10f3b
- SSDEEP
  
  12288:xORNsuj7LM2e2Bl4St2AxKeAN+GKnvLof/9WraN0bfs3kZwD+ZAd2:xsNsmM2lBmSt2A+yTof/YrdfqkZwD4AY
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy