d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

d4ffc32fe7...f3.exe

windows7-x64

8

d4ffc32fe7...f3.exe

windows10-2004-x64

8

Sharing

General

Target

d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3
Size

214KB
Sample

221127-s5c9jahd34
MD5

91b66e0a738ffa31cbb53dabbfe5303b
SHA1

f560be5e317ddcd2566951d7e85345b55f78d1e0
SHA256

d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3
SHA512

57583cfa65c7d74f2189ec540d7ef370b58a238a8e9159319d3d26ea770a5b539691b5a4607ad9ff0329309c40e5c98d68648bf2dfb5362c8a770f401ec4c46d
SSDEEP

3072:2gXdZt9P6D3XJjcgTBKcuOV/JOZFZ5KuWzsCi3ZhkP+YT6erSvy4rUhwRnwKCZBR:2e34VvKcugJkFZUuWzA3MWYT+vy4hq7

Score

8^/10

bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3.exe

Resource

win7-20221111-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3.exe

Resource

win10v2004-20220812-en

bootkit discovery persistence

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3
- Size
  
  214KB
- MD5
  
  91b66e0a738ffa31cbb53dabbfe5303b
- SHA1
  
  f560be5e317ddcd2566951d7e85345b55f78d1e0
- SHA256
  
  d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3
- SHA512
  
  57583cfa65c7d74f2189ec540d7ef370b58a238a8e9159319d3d26ea770a5b539691b5a4607ad9ff0329309c40e5c98d68648bf2dfb5362c8a770f401ec4c46d
- SSDEEP
  
  3072:2gXdZt9P6D3XJjcgTBKcuOV/JOZFZ5KuWzsCi3ZhkP+YT6erSvy4rUhwRnwKCZBR:2e34VvKcugJkFZUuWzA3MWYT+vy4hq7
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitdiscoverypersistence

© 2018-2025

Terms | Privacy