c905175af13ae804feba14d8983cf323da2bf44d6b6b391a82053b56bfafd79b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

c905175af1...9b.exe

windows7-x64

c905175af1...9b.exe

windows10-2004-x64

Sharing

General

Target

c905175af13ae804feba14d8983cf323da2bf44d6b6b391a82053b56bfafd79b
Size

2.1MB
Sample

221128-ed3hfsgg2y
MD5

ad4cece2d4b96eca82238a14e1cb80c2
SHA1

bf9c26ed312fa49e7699bf5c929516250d7840da
SHA256

c905175af13ae804feba14d8983cf323da2bf44d6b6b391a82053b56bfafd79b
SHA512

66d9859e2867f70b13857fd0899748e6357ce5a1f8d7ab8efb444480f2712e7a64619cf8d474ed799ae3696d273c3d28eb2fb586022c2d13deabb407a478ee9e
SSDEEP

49152:DpXUpXXPiR40wNKxC9Y5lpuGIPQxMXj8iuF2QJ4O8b8ITDnlv1:GgxC9Y5lpuG8D

Score

10^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

c905175af13ae804feba14d8983cf323da2bf44d6b6b391a82053b56bfafd79b.exe

Resource

win7-20220812-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c905175af13ae804feba14d8983cf323da2bf44d6b6b391a82053b56bfafd79b.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  c905175af13ae804feba14d8983cf323da2bf44d6b6b391a82053b56bfafd79b
- Size
  
  2.1MB
- MD5
  
  ad4cece2d4b96eca82238a14e1cb80c2
- SHA1
  
  bf9c26ed312fa49e7699bf5c929516250d7840da
- SHA256
  
  c905175af13ae804feba14d8983cf323da2bf44d6b6b391a82053b56bfafd79b
- SHA512
  
  66d9859e2867f70b13857fd0899748e6357ce5a1f8d7ab8efb444480f2712e7a64619cf8d474ed799ae3696d273c3d28eb2fb586022c2d13deabb407a478ee9e
- SSDEEP
  
  49152:DpXUpXXPiR40wNKxC9Y5lpuGIPQxMXj8iuF2QJ4O8b8ITDnlv1:GgxC9Y5lpuG8D
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy