b36ccb7f541db8eeba64315c0f396a0ab6b5dfb69bb204418b4fb4679ce9e34e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

b36ccb7f54...4e.exe

windows7-x64

b36ccb7f54...4e.exe

windows10-2004-x64

8

Sharing

General

Target

b36ccb7f541db8eeba64315c0f396a0ab6b5dfb69bb204418b4fb4679ce9e34e
Size

167KB
Sample

221201-xwmh3afc61
MD5

e2a76045af016b0e1bb1a76b2d0f2365
SHA1

2601e6cb3bdd24bb9963237e961fb28fa0f32ed6
SHA256

b36ccb7f541db8eeba64315c0f396a0ab6b5dfb69bb204418b4fb4679ce9e34e
SHA512

630e58eca0cefca98e4cf468823e3875d19381c416d4c8ef3e73546b58bb077233d88a6d9e28d95fb736bffbbc672e2d4b3b2e0cd082837ab650abe5a01f4ec6
SSDEEP

3072:vWSCPLt5LIBQr0h89rrORM0n9s1Ra6usnHts44Cqezvtykql3fM:vGPHLIBk0CHOC0n9y5RvtAf

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

b36ccb7f541db8eeba64315c0f396a0ab6b5dfb69bb204418b4fb4679ce9e34e.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

b36ccb7f541db8eeba64315c0f396a0ab6b5dfb69bb204418b4fb4679ce9e34e.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  b36ccb7f541db8eeba64315c0f396a0ab6b5dfb69bb204418b4fb4679ce9e34e
- Size
  
  167KB
- MD5
  
  e2a76045af016b0e1bb1a76b2d0f2365
- SHA1
  
  2601e6cb3bdd24bb9963237e961fb28fa0f32ed6
- SHA256
  
  b36ccb7f541db8eeba64315c0f396a0ab6b5dfb69bb204418b4fb4679ce9e34e
- SHA512
  
  630e58eca0cefca98e4cf468823e3875d19381c416d4c8ef3e73546b58bb077233d88a6d9e28d95fb736bffbbc672e2d4b3b2e0cd082837ab650abe5a01f4ec6
- SSDEEP
  
  3072:vWSCPLt5LIBQr0h89rrORM0n9s1Ra6usnHts44Cqezvtykql3fM:vGPHLIBk0CHOC0n9y5RvtAf
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy