Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

bef142fcb7...b5.exe

windows7-x64

8

bef142fcb7...b5.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bef142fcb708afbcf512688a5bc0e63fc91fb2d3adb09634fededb55c70925b5

  • Size

    48KB

  • Sample

    221127-pydd6sha37

  • MD5

    944cf0d89b9b2da4fbc38dda1801d3ce

  • SHA1

    8d648dcecbca9e71ea80802019777f32233dd014

  • SHA256

    bef142fcb708afbcf512688a5bc0e63fc91fb2d3adb09634fededb55c70925b5

  • SHA512

    1073c6d75779f3d6b59e3d3f01589822750d0f8191e8b3bb0ed46170b46ea2675b00eb9be594a0dd0602664d1454cba0cc51f14f8db19d80db3d43c1f7c65a9e

  • SSDEEP

    768:BZ6DFma8K6HC4kj5Jp9jrQOV/W4jcAFVLymH6SKd3j8oi4p6bxuc:+FSHHzgJL5V/Wec4OmaSs8M6P

Score
10/10
runningratpersistence

Malware Config

Targets

    • Target

      bef142fcb708afbcf512688a5bc0e63fc91fb2d3adb09634fededb55c70925b5

    • Size

      48KB

    • MD5

      944cf0d89b9b2da4fbc38dda1801d3ce

    • SHA1

      8d648dcecbca9e71ea80802019777f32233dd014

    • SHA256

      bef142fcb708afbcf512688a5bc0e63fc91fb2d3adb09634fededb55c70925b5

    • SHA512

      1073c6d75779f3d6b59e3d3f01589822750d0f8191e8b3bb0ed46170b46ea2675b00eb9be594a0dd0602664d1454cba0cc51f14f8db19d80db3d43c1f7c65a9e

    • SSDEEP

      768:BZ6DFma8K6HC4kj5Jp9jrQOV/W4jcAFVLymH6SKd3j8oi4p6bxuc:+FSHHzgJL5V/Wec4OmaSs8M6P

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Sets DLL path for service in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Creates a Windows Service

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks