8b44c397aa90da26edcb396ebfabf215765797f0c08beb3f8c67fdd340ed7ad1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8b44c397aa...d1.exe

windows7-x64

6

8b44c397aa...d1.exe

windows10-2004-x64

8

Sharing

General

Target

8b44c397aa90da26edcb396ebfabf215765797f0c08beb3f8c67fdd340ed7ad1
Size

837KB
Sample

221201-1cgegsfh7w
MD5

706a0a7e0a310d4cd9892da6eac94bd5
SHA1

ddfd97c15890011473a9f8f8a539f4abdd7097ff
SHA256

8b44c397aa90da26edcb396ebfabf215765797f0c08beb3f8c67fdd340ed7ad1
SHA512

e1912d9bb4af2795638a1c01bb2508ad970449c35daa4c621b2c4f7797a4f44d82a720e66c3258c2224c8ba51ad59bc5ea2fdafe8eb450e6106601f1e7a9a80a
SSDEEP

12288:myisyhiNFfWcVFeYPPtuIk5BMqQy7wo/VrOH74xkcwpP78WwOXfwcntnicI:pisj3PlXtuXsqFwa9kcwpwW77ET

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

8b44c397aa90da26edcb396ebfabf215765797f0c08beb3f8c67fdd340ed7ad1.exe

Resource

win7-20220812-en

bootkit persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b44c397aa90da26edcb396ebfabf215765797f0c08beb3f8c67fdd340ed7ad1.exe

Resource

win10v2004-20220812-en

bootkit persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  8b44c397aa90da26edcb396ebfabf215765797f0c08beb3f8c67fdd340ed7ad1
- Size
  
  837KB
- MD5
  
  706a0a7e0a310d4cd9892da6eac94bd5
- SHA1
  
  ddfd97c15890011473a9f8f8a539f4abdd7097ff
- SHA256
  
  8b44c397aa90da26edcb396ebfabf215765797f0c08beb3f8c67fdd340ed7ad1
- SHA512
  
  e1912d9bb4af2795638a1c01bb2508ad970449c35daa4c621b2c4f7797a4f44d82a720e66c3258c2224c8ba51ad59bc5ea2fdafe8eb450e6106601f1e7a9a80a
- SSDEEP
  
  12288:myisyhiNFfWcVFeYPPtuIk5BMqQy7wo/VrOH74xkcwpP78WwOXfwcntnicI:pisj3PlXtuXsqFwa9kcwpwW77ET
Score

8^/10

bootkit persistence
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2025

Terms | Privacy